IT Program Auditor at CALIBRE Systems Inc in Springfield, Virginia

Posted in Other 3 days ago.





Job Description:

IT Program Auditor
CMA 4941-585

CALIBRE Systems Inc., an employee-owned Management Consulting and Digital Transformation Company, is seeking an IT Program Auditor (Advanced) to support our Cybersecurity Division/NGA Defender in the NCE-Springfield, VA area. The auditor conducts evaluations of an IT program or its individual components to determine compliance with published standards.

The IT Program Auditor's responsibilities include, but are not limited to, the following:

  • Develop methods to monitor and measure risk, compliance, and assurance efforts.
  • Provide ongoing optimization and problem-solving support.
  • Provide recommendations for possible improvements and upgrades.
  • Review or conduct audits of information technology (IT) programs and projects.
  • Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
  • Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
  • Conduct import/export reviews for acquiring systems and software.
  • Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.

  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of industry-standard and organizationally accepted analysis principles and methods.
  • Knowledge of information technology (IT) architectural concepts and frameworks.
  • Knowledge of Risk Management Framework (RMF) requirements.
  • Knowledge of resource management principles and techniques.
  • Knowledge of system life cycle management principles, including software security and usability.
  • Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
  • Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
  • Knowledge of supply chain risk management standards, processes, and practices.
  • Knowledge of risk threat assessment.
  • Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
  • Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
  • Knowledge of information technology (IT) acquisition/procurement requirements.
  • Knowledge of the acquisition/procurement life cycle process.

  • Bachelor's degree or higher from an accredited college or university (Recommend an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.)
  • Active TS/SCI Clearance REQUIRED
  • 8140 Certification: CCISO or CCSP or CISA or CISM or CISSP or GSLC
  • Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
  • Skill in conducting audits or reviews of technical systems.
  • Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.
  • Ability to ensure security practices are followed throughout the acquisition process.


Springfield, Virginia, United States

Full-Time/Regular

Equal Opportunity Employer, including disability/protected veterans



PI250758507

