Information Systems Auditor III

R&K Solutions, Inc. is seeking a motivated and qualified Information Systems Auditor to support our cloud Software as a Service (SaaS) environment and company networks. The ideal candidate has experience working with Risk Management Frameworks such as FedRAMP, FISMA, DoD RMF or ISO and must have experience auditing NIST security controls. This position will perform internal audit to ensure compliance for FedRAMP and CMMC frameworks, interface with Third Party Assessment Organizations (3PAO), perform gap analysis, and assist in cybersecurity defense.

R&K is an employee-owned company and an equal opportunity / affirmative action employer. EOE AA M/F/Vet/Disability.

Duties:
Key job tasks include, but are not limited to:

• Works closely with Information Systems Security Manager (ISSM) to ensure annual FedRAMP and CMMC compliance.

• Perform annual security reviews, annual testing of security controls and annual testing of the contingency plan in line with FedRAMP requirements.

• Audits Information Systems, platforms, and operating procedures in accordance with established FedRAMP and DoD standards.

• Working with system administrators, engineers, and developers to update system/site policies, procedures, and process guides.

• Assist Security Analysts with cybersecurity defense and incident response.

• Work closely with external auditors and internal IT teams on managing and supporting audits.

• Identify, document, and map technology processes and internal controls.

• Assist ISSM in writing and maintaining System Security Plans, policy, and procedures.

• Perform risk assessments of technology infrastructure, operational processes, and controls, including vulnerability scanning and risk mitigation planning.

• Complete audit testing, inquiry, observation, and other analysis required to meet the objectives of audit projects.

• Communicate progress and results of audits throughout the audit engagements.

• Develop value-added recommendations to deal with issues identified during assigned audits and create reports to formally communicate the results of the audit and related recommendations.

• Monitor implementation of outstanding audit recommendations and validate their implementation.

• Assist with Vulnerability Management

Qualifications:

• Bachelor's degree and a minimum of 4+ years of audit experience or associate's degree with 5+ years of audit experience will be considered.

• The candidate must have a CompTIA Security+ certification (or other DoD IAT Level II certification) or must pass certification at applicant's expense within 3 months of hire.

• In-depth understanding of NIST 800-53 and 800-171 security controls.

• Experience with Risk Management Frameworks such as FedRAMP, FISMA, DoD RMF or ISO.

• Experience maintaining a System Security Plan (SSP).

• The candidate must be a US Citizen and either possess or be able to obtain a Secret-level DoD
clearance.

• CISA, CISM, CIA, CISSP or other relevant certifications preferred.

• The candidate will have a strong work ethic with the ability to learn new concepts quickly.

• Good planning and organizational skills with ability to multi-task to balance and prioritize work amongst multiple teams and stakeholders.

• Working knowledge in the application of information security concepts, principles, and practices.

• Understanding of technical security solutions (firewall, intrusion prevention, endpoint protection)

• Experience using vulnerability management tools such as ACAS, Nessus, Qualys, Rapid 7 or similar.

• Proficient in written and verbal communication, analytical thinking, customer service, organization, problem-solving, and strong attention to detail.

• Experience producing a FedRAMP Authority to Operate (ATO) package is a plus.

• Experience using eMass or other GRC tools is a plus.

• Salary will be based on experience and potential to succeed.