Job Description :
Our Direct Client , is responsible the Security and Compliance of Information Systems and Data. It seeks an expert Audit Analyst (documented history of success is a must) to assist with the establishment, implementation and/or enhancement of and overall IS Audit and Compliance program.
DAILY DUTIES / RESPONSIBILITIES:
The Audit Analyst will report to the Client and operate as an experienced consultant to Client's leadership, business units, business partners and vendors. Audit Analyst will be responsible for the successful leadership and strive for favorable outcomes of all Information Audit and Assessment activities.
Program Experience:
Experience with CMS MARS-E or other FISMA Risk Management Framework (RMF) compliant programs is strongly desired and will be given the highest weight. Experience must include well documented success in the performance of security focused processes and procedures supportive of a secure, compliant enterprise architecture.
Experience with Audit and Assessment of RMF tasks and artifacts, as related to the System Development Life Cycle (SDLC) is ideal.
Experience in audit and assessment of multi-tenant environments, cloud services and vendor interface management would be considered desirable for this position.
Technical Knowledge:
Experience with audit and assessment capabilities related to any or all the following technologies would be considered a desirable for this position:
Medicaid Management Information Systems (or other Health Information Technologies)
Network Design and System Architecture
IBM System 390/zSeries
Linux and Windows servers
General Duties and Responsibilities:
1. Assist (and often lead) in the design, development, implementation and/or ongoing maturation of Client's Audit and Assessment activities
2. Lead audit and assessment of internal agency systems as well as business partner/service provider information systems.
3. Lead third-party audits and/or assessments of agency and business partner systems
4. Utilize Microsoft Office software suite, eGRC system, Bizagi, Atlassian and other products to document and report on information gathered during Audit and Assessment activities or other efforts.
5. Collaborate with agency leadership, business partners and other parties/stakeholders to provide recommendations on risk acceptance and risk mitigation efforts as related to Audit and Assessment activity results.
REQUIRED EDUCATION/CERTIFICATIONS:
1. BS degree in computer science or similar discipline.
2. Certified Information System Auditor (CISA) or equivalent certification (may present relevant work experience)
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
1. 5+ years of experience in Information System Audit and Assessment activities
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
1. Prior experience in working with any eGRC systems.
2. Prior Health Information Technology experience.
PREFERRED EDUCATION/CERTIFICATIONS:
1. ISC(2), ISACA, SANS GIAC and/or other Information Security Certification.
2. Project Management Professional (PMP)
The resources need to be on our W-2 as per requirements with this Client.