Previous Job
Previous
IT Audit / Risk Management Lead
Ref No.: 18-04099
Location: Washington, District of Columbia
Responsibilities:
1. Leads Risk Management Program 
  • Analyze root cause analysis of submitted IT risks and make recommendations to mitigate or accept the risk
  • Assist risk owners to define milestones and remediation steps
  • Track risk status and milestone progress (project management
  • Present risks and status to IT management (formal meetings)
  • Provide formal training on risk management program
 
2. Vulnerability Analysis
  • Assist CISO in remediation of vulnerability management scan defects
  • Analyze scan reports (Nessus, Webinspect, Guardian etc.), group similar defects to open service tickets
  • Track and report on remediation status (project management) metrics
 
3. Policy & Procedures
  • Create (new) and review (existing) IT  policies and procedures based on NIST 800-53 standards for FCC
  • Keep abreast of changes to FISMA, NIST, OMB, and other Federal regulations/standards, determine applicability to FCC and make recommendations to bridge gaps
 
Qualifications:
  • CISSP and CISA certifications required
  • Certified in Risk and Information Systems Control (CRISC) preferred
  • 7 – 8 years in IT Security and IT Risk Management / Audit
  • Bachelor’s Degree or higher
  • Big 4 or External Audit Experience or Federal Audit/Information Security experience required
  • Excellent working knowledge of Excel queries (vlookups, match/index, etc.) is required
  • Proven ability to multitask, work prioritization and people management skills is key
  • Ability to work independently with minimal supervision
  • Take full ownership of work-streams and ability to make independent decisions is key