Job Family: IT Risk & Controls Consulting
Travel Required: None
Clearance Required: Ability to Obtain Public Trust
What You Will Do: Guidehouse is seeking an IT Audit & Compliance professional to help our client at a large federal agency pursue and maintain compliance with federal cybersecurity frameworks. This role focuses on audit preparation and coordination. The candidate will:
- Coordinate internal and external audit activities across federal information systems, ensuring teams, schedules, evidence, and documentation remain audit-ready.
- Prepare, maintain, and organize assessor-ready artifacts including SSPs, control narratives, SOPs, POA&Ms, continuous monitoring reports, and structured evidence packages.
- Interpret and apply requirements from federal cybersecurity and audit frameworks, including:
  - NIST SP 800-53 (security and privacy controls), NIST SP 800-37 (RMF), NIST SP 800-171 (CUI), FISMA, FISCAM, OMB Circular A-123, FedRAMP, and adjacent frameworks such as SOC 1/2, HIPAA, the Privacy Act, and IRS Publication 1075.
- Support audit readiness activities by coordinating evidence collection with engineering, ISSO/ISSM, infrastructure, cloud, and application teams.
- Track audit findings, maintain POA&M items, and facilitate remediation progress across technical and business teams.
- Translate technical implementations into clear, assessor-ready documentation through strong technical writing and stakeholder coordination.
- Draft and refine policies, procedures, and control narratives, and coordinate teams through internal audits, readiness assessments, and corrective action plans.
What You Will Need:
- Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred.
- Bachelor's degree in information systems, Cybersecurity, Computer Science, Accounting/IS Audit, or a discipline related to this project.
- Three (3) or more years of IT Audit & Compliance experience.
- Experience implementing or assessing NIST SP 800-53 control requirements in production environments (cloud and/or on-prem).
- Knowledge of federal cybersecurity and audit frameworks (this could include NIST SP 800-37 (RMF), NIST SP 800-171, FISMA, FISCAM, OMB Circular A-123, or FedRAMP).
- Demonstrated ability to create accurate, assessor-ready documentation (this could include SSPs, procedures/SOPs, control narratives, POA&Ms, ConMon reporting, and evidence packages).
- Preference will be given to candidates located within the DC Metropolitan area.
What Would Be Nice to Have:
- Active and/or the ability to maintain a Top Secret security clearance.
- Federal consulting experience.
- Relevant certifications including, but not limited to: CISA, CGRC, CISM, CISSP, and CCSP.
- Experience supporting internal audits or external assessments (e.g., 3PAO, independent assessor, IG, state/federal auditors).
- Familiarity with enterprise processes such as IT Service Management, Change Management, and SDLC/DevSecOps workflows that commonly supply audit evidence.
- Experience collecting and organizing technical and procedural evidence such as IAM configurations, logging/monitoring outputs, vulnerability scans, patch evidence, change records, architecture diagrams, and DR/backup artifacts.
- Understanding of common security domains: access management, configuration hardening, vulnerability management, logging/monitoring, incident response, backup/DR, encryption/key management, and SDLC/DevSecOps.
- Strong written and verbal communication skills, with the ability to work across diverse teams and translate technical concepts into assessor-friendly language.
The annual salary range for this position is $98,000.00-$163,000.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.
What We Offer: Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits include:
- Medical, Rx, Dental & Vision Insurance
- Personal and Family Sick Time & Company Paid Holidays
- Position may be eligible for a discretionary variable incentive bonus
- Parental Leave and Adoption Assistance
- 401(k) Retirement Plan
- Basic Life & Supplemental Life
- Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
- Short-Term & Long-Term Disability
- Student Loan PayDown
- Tuition Reimbursement, Personal Development & Learning Opportunities
- Skills Development & Certifications
- Employee Referral Program
- Corporate Sponsored Events & Community Outreach
- Emergency Back-Up Childcare Program
- Mobility Stipend