SOX and FISMA Compliance SupportBACKGROUND:The Planning, Governance, and Innovation department in Technology Services of the Division of Management propose to engage a Contractor to provide compliance and information security support to in preparation for annual Financial Statement Audits, internal SOX control reviews, FISMA reviews, provide support in updating policies and procedures, and assist with ongoing compliance self-assessments.REQUIREMENTS:The candidate shall possess the knowledge and skills set forth in the Technical Services Intermediate Auditor Consultant. In addition, the candidate shall have demonstrated experience in the following:Experience with financial applicationsExperience with evaluating cloud internal controls reports, SOC-1 and SOC-2Simultaneously works on several complex assignments requiring analysis of control applicability and evaluation of control gaps for financial systems.Experience with supporting financial IT audits and successfully developing audit and security related system documentation to reduce risk and meet control requirements desired.Experience with performing system audit log reviews via Splunk toolExperience assessing and evaluating NIST 800-53 controlsExperience in developing a Risk Control Matrix, Test of Design and Test of Effectiveness (TOD/TOE)Must have at least five years of progressively responsible experience in the information technology arena as an IT auditor, IT security analyst, IT manager, business analyst, system administrator or a combination of these.Possess clear, concise, and effective verbal and written communication and project management skills needed for functioning in an unstructured matrix management environment.Work independently and meet deadlines for assigned tasksExperience with assessing IT systems leveraging SOX, FISCAM, COBIT, or FISMA Compliance strongly desired.CISSP or CISA certification strongly desired.Experience with Workday or Coupa a plus, but not requiredKEY RESPONSIBILITIESParticipates in the process to evaluate, develop, maintain, and update the technology compliance program. Advises the technology support officer and technology managers on compliance, information security, and internal controls.Prepares the technology departments for the yearly financial statement audit and SOX internal control reviews.Assist in developing required documents in support of internal SOX or FISMA reviews.Develop solutions with team members to minimize vulnerabilities.Advises the technology officer of SOX and compliance issues and recommends solutionsProvides a weekly status report to the COR documenting concerns, issues, risks, and progress.Recommends and helps implement GRC Tools to increase automation in the areas of compliance, auditing, and vulnerability detection for the branch.Perform weekly Splunk/audit log reviews and report any anomaliesEvaluate system documentation to meet compliance requirementsAssists with building governance and risk management tasks and activities for the team and management reviewDesigns, tests and reviews controls for compliance and ensures proper documentation is recorded.Creates audit and monitoring reports used by the team, as directed.The External Auditor Consultant shall deliver, but not limited to, the following:Thoroughly assess and validate the SOX Risk Control Matrices (RCM’s) for identified systems of record against client policies. Document findings and recommendations.Crosswalk the SOX RCMs against the client Information Security Program (BISP) standards and procedures and document the results.Provide recommendations, develop action plans, and help implement capabilities to improve compliance and security practices.Document updates to compliance related policies, processes, procedures, and/or standards as directed by the compliance team.Notes:Hybrid telework schedule (minimum 6 days/month), includes telework and On-siteVIVA is an equal opportunity employer. All qualified applicants have an equal opportunity for placement, and all employees have an equal opportunity to develop on the job. This means that VIVA will not discriminate against any employee or qualified applicant on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
(Please ensure email matches your resume email)
(document types allowed: doc/docx/rtf/pdf/txt) (max 2MB)
By submitting this form, you are consenting to the VIVA team contacting you via Phone/Email