Senior IT Cybersecurity Auditor to join the Office of the CISO’s Cybersecurity Audit and Compliance team in Reston, VA. This position requires a person with hands-on Information Systems Security Engineering/Cybersecurity Engineering experience with information system security assessments, Risk Management Framework (RMF) or NIST Cybersecurity Framework implementation. They will primarily interface with the technical IT functional teams to perform cybersecurity audits, provide SME guidance in remediating discrepancies, and validate plans of action and milestones to ensure compliance with internal standards and DFARS requirements. In this role, they will be instrumental in the building, implementation, and maturation of a comprehensive and repeatable Cybersecurity IT audit and compliance program. The Senior IT Auditor will take a proactive approach, partnering and engaging with the IT functional teams to validate current and new cybersecurity compliance requirements to ensure DFARS compliance.

ESSENTIAL FUNCTIONS: (This list may not include all essential functions)
• Responsible for conducting cybersecurity design and effectiveness assessments of BAE Systems IT Operational and Applications functional groups to ensure compliance with internal standards as informed by NIST 800-53 and 800-171 standards.
• Validates that processes and procedures, documentation, and other supporting artifacts required for compliance are provided, are maintained by the functional team, and support compliance.
• Manages audit plan to ensure on-time performance of assessments by IT functional groups; maintains and reports weekly status.
• Remains current on cybersecurity auditing practices, emerging threats, industry regulatory changes, and internal company policy and process changes.
• Proactively interfaces with BAE Systems IT functional groups to enhance their understanding of the Cybersecurity controls to drive improved security compliance and management of risk, and to strengthen effectiveness of cybersecurity controls.
• Prepares and reports on audit recommendations and ensures they are accurately tracked in audit repository.
• Interfaces with IT functional groups to ensure their plan to remediate discrepancies is aligned with internal company IT standards; develops remediation validation plan and works with IT functional groups to validate compliance per the remediation schedule.
• Performs other related duties and responsibilities as required.

QUALIFICATIONS:
• Specific knowledge of NIST SP 800-171 and NIST SP 800-53 or similar security controls.
• Working knowledge of Risk Management Framework (RMF) or NIST Cybersecurity Framework implementation.
• General knowledge of IT Applications operations and technologies, and IT Operational services such as Network Infrastructure technologies (WAN/LAN), Cybersecurity, Active Directory, Backup & Recovery, Data Centers, Messaging, Mobile Technologies, Remote Access, Storage, Operating Systems, Virtualization Services, and IT Service Desk.
• General knowledge of the interrelationships between IT Applications
• Experience articulating cybersecurity requirements and controls across technical boundaries in a clear, concise, and organized manner.
• Specific knowledge of foundational IT processes that support an IT environment such as Change Management, Configuration Management, etc.
• Proven ability to synthesize information from multiple sources to draw logical conclusions and support audit analysis and remediation validations.
• Functions well both as an individual contributor and in team environments where collaboration and adaptability are important.
• Extensive experience building productive, collaborative, and sustainable internal working relationships.
• Demonstrated ability to handle multiple concurrent projects, meet established deadlines and quickly adapt to changing priorities, all while working under limited supervision.
• Excellent verbal and written communication skills, ability to effectively communicate with technical and non-technical audiences.
• Cybersecurity Certification such as:
  o Cybersecurity Analyst (CySA+)
  o Certified Information Security Auditor (CISA)
  o Certified Authorization Professional (CAP)
  o Security+ CE
  o GIAC Security Essentials Certification (GSEC)
  o GIAC Systems and Network Auditor (GSNA)

8+ years of experience and increasing responsibilities in IT audit and compliance roles.
Bachelor's or Master’s degree from an accredited college or university, preferably with an emphasis in information systems, computer science, accounting, business or other related fields, and a minimum of ten (10) years of experience that is directly related to the duties and responsibilities specified.
HRU has developed a large network of available candidates nationwide, as the company has been providing recruiting and staffing services in up to 22 States for over 25 years. We specialize in engineering, IT, technical and other support services. We are able to recruit and successfully place candidates in job openings in a variety of other fields and positions as well, such as human resources, administration, management, purchasing, sales, customer service, accounting, organic chemistry and more. HRU is able to service clients, regardless of location, by assigning an Account Manager and experienced Recruiters to provide the necessary staffing and support services. Likewise, HRU may assist job seekers anywhere in the United States, regardless of location.