The IT Advisory Manager will lead stakeholder engagement and technical delivery for efforts supporting federal agencies with IT controls assessments and program evaluations. This is an ideal role for someone with an information security and assurance or IT audit background who is looking to utilize their skills to work with the federal government to analyze IT control weaknesses, identify root causes, and develop remediation plans.
Responsibilities Include Some Or All Of The Following
- Leading a team of IT security auditors performing IT risk and controls assessments
- Performing rigorous assessments of IT controls using industry-standard guidance and leading practices
- Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators
- Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings
- Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement
- Documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
- Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
- Planning and executing day-to-day activities of IT controls assessments individually and for the team
- Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
- Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel
What You Will Need
- An ACTIVE and MAINTAINED TOP SECRET/SCI federal security clearance with a Counterintelligence (CI) polygraph
- Bachelor’s degree in information technology or business-related field
- SIX (6) or more years' experience providing IT consulting services focused on IT Risk and Controls. Experience should include but not be limited to:
- Experience in consulting with the federal government to include senior government clients
- Understanding and knowledge of federal information security and assurance laws, requirements, and guidance (i.e. FISMA, NIST SP 800, FISCAM)
- Ability to obtain a DoD 8570.01-M (IAT III) certification (i.e. CASP+CE, CISSP, CISA, GCED, GCIH, CCSP) within the first 90 days of starting at Guidehouse
