External Auditor Consultant (FISMA, SOX) (Intermediate) - 4LOCS(F)

External Auditor Consultant (FISMA, SOX) (Intermediate)

Personnel Qualifications:

• A related bachelor’s degree in Information Technology, Information Assurance, Accounting Information Systems or five (5) years of equivalent experience.
• At least five (5) years of experience with: FISMA, FISCAM, NIST, SOX, COBIT, Systems Development Life Cycle (SDLC), Risk Management Framework (RMF) strongly desired.
• Experience with financial applications.
• Experience with evaluating cloud internal controls reports, SOC-1 and SOC-2.
• Experience with leading financial IT audits and successfully developing audit and security related system documentation to reduce risk and meet control requirements desired.
• Experience in developing a Risk Control Matrix, Test of Design and Test of Effectiveness (TOD/TOE).
• Prior experience as an IT auditor, IT security analyst, IT manager, business analyst, system administrator or a combination of these.
• Possess clear, concise, and effective verbal and written communication and project management skills needed for functioning in an unstructured matrix management environment.
• CISA or CISSP certification strongly preferred.

Capabilities:

• Participates in the process to evaluate, develop, maintain, and update the technology compliance program. Advises the technology support officer and technology managers on compliance, information security, and internal controls.
• Prepares the technology departments for the yearly financial statement audit and SOX internal control reviews.
• Assists in developing required documents in support of internal SOX or FISMA reviews.
• Simultaneously works on several complex assignments requiring analysis of control applicability and evaluation of control gaps for financial systems.
• Develops solutions with team members to minimize vulnerabilities.
• Advises the technology officer of SOX and compliance issues and recommends solutions.
• Recommends and helps implement Governance, Risk & Compliance (GRC) tools to increase automation in the areas of compliance, auditing, and vulnerability detection for the branch.
• Designs, tests, and reviews controls for compliance and ensures proper documentation is recorded.
• Creates audit and monitoring reports used by the team as directed.
• Works independently and meets deadlines for assigned tasks.