
Journeyman Information Systems Auditor
Prosync
Posted about 20 hours ago
*This position requires an Active Public Trust clearance or higher to be considered.*
ProSync Technology Group, LLC (ProSync) is an award-winning, SDVOSB Defense Contracting company with a strong military heritage and a record of excellence in supporting the Department of Defense and the Intelligence Community. If you have prior military service or government contracting experience, are proud to serve and support our nation, and want to help support ProSync's mission to "Define and Redefine the State of Possible," please apply today!
ProSync Technology Group, LLC. is looking for a meticulous and experienced Auditor to join our team. This role involves performing comprehensive audits to ensure compliance with federal regulations and internal policies.
Responsibilities:
- Enhancing and executing mandated internal and external Cybersecurity audits, using the appropriate audit taxonomy, to evaluate CDC IT and cybersecurity programs, on-premise, cloud, and vendor-hosted systems, applications, networks, and infrastructures to assess and identify gaps and weaknesses requiring mitigation to ensure confidentiality, availability, and integrity of CDC assets and data.
- Collecting, analyzing, and submitting FISMA metrics on a quarterly and annual basis which includes working with and educating CDC SMEs to ensure data collected is accurate and free from errors.
- Working with HHS on FISMA metrics submissions and addressing follow-up questions regarding the data submitted on a quarterly and annual basis.
- Conducting program and project management activities necessary to address audit findings and align the cybersecurity program with the OMB, HHS, and CDC strategic plans.
- Performing Information Technology audits, cybersecurity assessments, and establishing governance to evaluate and improve high-risk program areas on an annual basis (e.g., High Value Assets).
- Performing customer outreach for upcoming audits and during existing audits.
- Developing audit materials for non-IT audiences, as well as analysis documentation for presentation to governance bodies and agency leadership.
- Performing technical writing to document outcomes of audits and security assessments, developing audit action plans to address high-risk program objectives to include configuration management, patch management, risk management, incident response, security authorization, and other program controls identified during annual IT audits.
- Conducting meetings with CDC leadership to develop prioritized lists of program objectives, performing analysis of identified objectives, defining the specific goals needed to meet each objective, defining and prioritizing specific requirements for each objective, and defining timelines and milestones for each objective.
- Defining and documenting the necessary design and development actions required to meet specific requirements as documented in the final audit reports.
- Developing ongoing audit status reports using tools such as the Microsoft 365 suite.
- Coordinating, scheduling, and leading audit status and priority review meetings with CDC leadership, audit support staff, and program staff.
- Providing professional services support for the implementation of specific actions to help meet program objectives to facilitate end-to-end remediation of audit findings, from developing Corrective Action Plans to obtaining auditor confirmation that remediation activities have been successful.
- Enhancing, maintaining, and providing leadership with audit tracking tool(s), using technologies such as Microsoft 365 to track and summarize the status of each audit item, including stakeholders, audit item priority, proposed corrective action plans, timeline for the completion of the remediation, budget, completion percentage, and overall status.
- Documenting and defining corrective actions required to meet each recommendation objective, estimating timeline and budget for corrective actions, and identifying, defining, and prioritizing specific actionable conditions (Subtasks) for each objective.
- Leveraging processes, templates, best practices, etc. established by Government (e.g., other agencies) Subject Matter Experts (SME) to support senior CDC leadership with firsthand audit support experience related to technical and programmatic audit finding remediation, including assistance with QA responses, ad hoc reporting on metrics for briefing books and written testimony for hearing.
- Facilitating recurring touchpoint meetings with leadership to review the status of outstanding audit items, identify next steps, discuss mitigation strategies, and providing detailed status reports and meeting minutes for each touchpoint.
- Facilitating recurring technical working sessions between CDC leaders and technical stakeholders to develop remediation strategies, project plans with tasks and milestones, timelines, and budget estimates; and providing detailed status reports and meeting minutes outlining each meeting.
- Creating audit responses and closure packages containing deliverables required for external audit and internal assessment related requests and finding remediation; packages should be standardized, for example, each may include a cover sheet with annotated artifacts and narrative explanations that correspond directly to the language of the specific audit request, finding, or recommendation.
- Developing documentation required to directly support audit requests and remediation using the implementation of technical controls mapped to the NIST Cybersecurity Framework in areas such as:
  - Configuration management.
  - Patch management.
  - Risk management.
  - Incident response.
  - Assessment and Authorization.
- Drafting high-level briefings (e.g., Congressional), inquiry responses, and preparing briefing materials for critical audit initiatives.
Requirements
- A minimum of 5 years of experience in IT auditing or a related field.
- Experience in performing audits in a federal contracting environment.
- A minimum active Public Trust clearance or higher is required.
Education & Certifications
- A Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or similar area of study or equivalent practical experience.
- A CISA certification is required.
- A CISSP or CISM certification is highly desirable.
Benefits
Join PROSYNC and enjoy our great benefits!
Compensation:
- We offer bonuses that are awarded quarterly to our employees and our compensation rates are highly competitive.
Health & Retirement:
- We offer a comprehensive Health Benefits package and 401K Retirement plan so you can take care of yourself and your family, now and in the future. Other health-related benefits include an employee assistance program for those difficult times or when you need to take care of your mental health.
Education:
- Individual growth is a priority at ProSync. Employees are encouraged to take advantage of our company-sponsored continuing education program so you can get your degree or that next certification you need to propel you to the next level.