StaffAttract
IT Systems Auditor with Security Clearance

Criterion Systems, Inc. - Kansas City, MO

Job Description

Overview

At Criterion Systems, we developed a different kind of business: a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level please visit our website: .

As a Federal IT services provider, USDA/DISC must support numerous audits, data calls, and reviews conducted at Departmental, Agency, and Data Center levels. USDA/DISC must also track, provide status updates, and respond to follow-up inquiries made on recommendations and observations by external audit groups, including the Department of Homeland Security (DHS), Office of the Inspector General (OIG), and the Government Accounting Office (GAO).

This position is part of the Security Governance Branch of the USDA/DISC. In this role, you will serve as a technical expert for supporting internal and external audits, assessments and reviews of DISC security controls, analyzing the results, and making recommendations to senior management for improvement. You will be tasked with performance of continuous assessments in support of USDA Continuous Assessment and Authorization (A&A) processes, as well as annual A-123 testing activities. You will also perform validation reviews and tests of corrective actions implemented in response to audits, assessments, and reviews to determine if the actions are fully implemented and sustained.

Success in this role requires you to effectively communicate and collaborate with USDA/DISC customers, technical staff, business partners, managers, and internal and external auditors.

Responsibilities

* Perform the tasks of the continuous assessment and authorization (A&A) process following the organization's RMF process
* Develop and document the Security Assessment Plan (SAP)
* Execute the accepted SAP and assess the required Security Controls
* Develop security assessment reports and recommend Plans of Action and Milestones (POA&M)
* Manage the process of completing Concurrency Reviews
* Perform the A-123 assessment of systems according to agency guidance
* Develop and document the Test Plan
* Execute General Computer Controls (GCC) testing
* Document Testing Results in Cyber Security Assessment Manager (CSAM)
* Develop the following reports and documentation:
  * Security assessment reports
  * Summary of Aggregated Deficiencies (SAD)
  * Corrective Action Plans (CAPs), with recommendations
* Recommend Plans of Action and Milestones (POA&Ms)
* Draft Annual Certification Statements
* Update assessments when revisions to National Institute of Standards and Technology Special Publication (NIST SP) 800-53, and other applicable regulations and guidance, are adopted by the agency
* Support execution of long-term audits for a wide range of information technology systems and programs, occasionally lasting beyond one year
* Administer and evaluate results of audits of computer systems, management controls, information technology strategies, and organizational structures of the assigned program
* Carry out broad audit assignments that require integrated analysis of several different systems
* Attend conferences where audit objectives, scope and focus areas are defined
* Administer audit plans and efforts executed at different agencies, locations and organizational management to ensure auditors collect requested information
* Work with highly interpretive laws and regulations, and administer audits performed on programs that may have highly controversial problems
* Analyze statutory requirements against existing directives to assess the degree of change necessary to comply with new requirements
* Report audit findings that may shape major programs, affect compliance with new legislation, or facilitate the resolution of long-standing problem areas of vital importance to the agency
* Develop new collection, evaluation and reporting approaches where no precedent exists
* Track audits, assessments, and reviews, and maintain the DISC files for OIG, GAO, DHS and other engagements
* Maintain an audit follow-up system to facilitate the prompt and proper resolution and implementation of audit recommendations
* Conduct follow-up on audit resolution and corrective actions
* Maintain liaison with internal and external IT audit stakeholders on technical, management and reporting matters concerning specific aspects of the IT or Program audit project
* Serve as a contact for notifying appropriate organizations, management and stakeholders of the start of an engagement
* Coordinate meetings between program and control stakeholders and external audit groups like OIG, GAO and DHS
* Coordinate OIG or GAO requests for documentation, data, and information, or meetings with specific Management Officials
* Coordinate comments to external draft and final audit reports, as well as any subsequent audit follow-up about recommendations or findings described in the final audit report
* Evaluate management's corrective actions to ensure actions are responsive to audit recommendations, follow up on the status of agreed-upon open corrective actions and provide reports as needed at the request of internal and external organizations
* Review and interpret system security policy, guidelines, and procedures for systems processing multiple applications that require diverse, and at times conflicting, security controls and that are typically accessed by a large distributed user community
* Evaluate and interpret policy and procedural controls covering: Access Control, Audit and Accountability, Awareness and Training, Configuration Management, Contingency Planning, Identification and Authentication, Incident Response, Maintenance, Media Protection, Personnel Security, Physical and Environmental Protection, Program Management, Risk Assessment, Security Assessment and Authorization, System and Communications Protection, System and Information Integrity, and System and Services Acquisition Security
* Establish risk-management procedures and ensure that risk-management techniques are applied to all new or modified computer applications
* Execute technical risk assessments using a variety of security control reports and data to evaluate current system security posture, monitor control activities or respond to data calls
* Ensure the confidentiality, availability, and integrity of IT systems through full compliance with the Federal Information Security Management Act, related NIST standards, and agency IT security policies and standards
* Provide weekly status reports, orally and in writing
* Stay abreast of changing and emerging technology
* Monitor and evaluate technology changes that affect systems security

Qualifications

Minimum Requirements:

* At least 5 years of experience managing audit or compliance programs in enterprise information technology (IT) organizations
* Bachelor's Degree, or equivalent work experience in lieu of degree
* Working knowledge of the technical requirements of applying the Risk Management Framework (RMF) to Federal information systems in an enterprise Federal data center
* Working knowledge of the technical requirements of performing OMB Circular No. A-123 assessments to Federal information systems in a large Federal data center
* Working knowledge of the technical requirements of applying the Federal Risk and Authorization Management Program (FedRAMP) requirements to Federal information systems in a large Federal data center
* Good communications skills, with customers, team and stakeholders
* Skilled in facilitating meetings
* Ability to thrive in a collaborative environment
* Proficient using MS-Word, MS-Excel and MS-Project software, and possess strong abilities in writing technical documents
* Knowledge of information technology (IT) governance practices related to operation of Federal enterprise IT systems
* US Citizenship
* Must be able to obtain a Public Trust Clearance

Desired Requirements:

* Master's degree
* CISA or CIA certifications
* At least 6+ years' experience managing audit or compliance programs in enterprise Federal information technology (IT) organizations
* Demonstrated familiarity with information technology (IT) governance practices related to Federal systems
* Private sector experience
* Work history for accredited auditing firms
* Financial sector background
* Experience with 'SSAE 18', 'SOC 1 Type II', or 'AICPA' audits

Criterion Systems, Inc. is committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual's protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit /.

Created: 2025-11-01
