You will work with our engineers, support representatives, and external auditors to:
Perform complex, senior-level auditing and advisory work to develop a new audit program and processes for SOC2 and Department of Defense (DOD) Cybersecurity Maturity Model Certification (CMMC) / FedRAMP.Conduct research, benchmarking, examining and reviewing records & financial statements.Perform data & risk analyses, identify appropriate controls, assess business processes, and evaluate management processes.Manage the development of an appropriate audit scope, selection of an external auditor, and successful completion of audits annually.Continuously collect operational documentation and data samples in order to close process gaps or to document accepted risk before a gap becomes a finding.Maintain relationships with our external auditors to anticipate changes to audit focuses and prepare the organization for them.Educate the organization about audit requirements, risk analysis and controls, and assist us with integrating best practices into our existing operational framework.Identify and document corrective actions that need to be taken based on audit reports.Respond to client requests for documentation of our processes and audit reports.Understand and follow changes to CUECs from our partners and vendors. Requirements You have experience with:
Auditing in accordance with generally accepted auditing standards and risk-based internal auditing.Basic information technology controls in a cloud environment.Analyzing, interpreting, and summarizing data, policies, and procedures for effective performance of audit work.Establishing and maintaining trust-based relationships with internal and external stakeholders. You should...
Have advanced writing and communication skills.Be willing to apply your skills across our small organization, from the low level (e.g. writing process documentation) to high level (e.g. developing organizational audit plans).Help us maintain the culture and values of our organization. It would be a plus if you have...
Some experience with DOD cybersecurity requirements and contracts, e.g. NIST 800-171.Some experience with FedRAMP requirements.