Senior IT Audit & Compliance Specialist
Gunnison Consulting Group Inc Washington, DC

  • Retirement
  • Full-Time
Job Description

Duties and responsibilities include:

Support the Cybersecurity Program Management (CPM) Team with audit and oversight related activities, including but not limited to: requesting and responding to inquiries and requests for artifacts or interviews in a timely manner, tracking audit responses and artifacts, facilitating and leading audit related meetings with stakeholders, coordinating technical scanning efforts, drafting audit-related responses on behalf of the Agency, analyzing findings and reports, providing input to the Agency responses, tracking recommendations and findings, and contributing analysis and support to resolution of findings. Track audit responses in a timely manner. Manage and support data collection, including intake from multiple stakeholders, validation of the data, and the coordination and reporting of any necessary data corrections. Identify areas for potential process improvements and/or areas for automation.

Collaborate with various personnel as needed to produce effective Corrective Action Plans (CAPs) and Notice of Findings and Recommendations (NOFRs) related to Cybersecurity efforts, collect input as needed to update those CAPs/NOFRs, and ensure their timely delivery. Provide analysis of Audit recommendations to determine systemic issues or other trends that may require additional leadership attention.

The Contractor shall facilitate FISMA reporting to Congress and/or external Federal Agencies. This may include but is not limited to Federal CIO Metric and CyberScope data collection from various stakeholders, data analysis, validation, and quality control, data entry, and drafting executive-level reports, memos, and communications. The Contractor shall also facilitate external vulnerability scanning at least annually. This may include coordination amongst various stakeholders, data collection and submission to external scanning parties, and facilitating the data collection response for any findings.

Advise the Cybersecurity team on pertinent developments in federal information security policy as it pertains to the Agency, including monitoring and staying abreast of applicable Cybersecurity statutes, regulations, and federal doctrine. When the Cybersecurity team is called on to respond to newly proposed information security directives and similar policy documents, assess the impact of these changes on the respective program and draft responses for review, approval, and submission by appropriate Government personnel. Advise the Cybersecurity team on relevant changes and updates that affect the Agency's information system policies and enterprise. In addition, raise such developments to the attention of the COR/ACOR and designees within the Cybersecurity team and provide sufficient detail such that the change and potential impacts are understood, to assure they are properly addressed. Maintain or create new audit management standard operating procedures.

Required Qualifications:

  • Direct demonstrated knowledge of IT processes and procedures
  • Direct demonstrated experience in FISMA related audits and compliance
  • Subject Matter Expert (SME) applying and implementing NIST SP 800 series and OMB guidance
  • Direct demonstrated customer service experience
  • Ability to self-manage and multi-task while balancing multiple priorities
  • Excellent communication skills, including supporting executive-level communications

Desired Qualifications:

  • 9+ years of experience in FISMA related audits and compliance
  • 7+ years as Subject Matter Expert (SME) applying and implementing NIST SP 800 series and OMB guidance
  • Familiarity with ServiceNow, Jira, SharePoint workflows, and advanced Excel skills
  • Prior experience supporting Federal CIO Metrics and CyberScope activities

Education Requirement: Bachelor's degree required. Concentration in Cybersecurity preferred.

Clearance Requirement: Ability to obtain and maintain a Public Trust.


Why Join Gunnison?

  • Gunnison takes on ambitious projects. We target fun, challenging work that requires creative thinking and innovation.
  • Quality is our top priority.
  • Gunnison employee benefits meet or exceed what other companies in the Washington, D.C. metropolitan area offer.
  • There is a great sense of camaraderie at Gunnison. This is an atmosphere we will maintain as we continue to grow.
  • We are growing rapidly and the opportunity for individual professional growth with Gunnison is outstanding.
  • We hire for careers at Gunnison, not to fill a position.

Employee Benefits

Gunnison employee benefits meet or beat other companies in the Washington, D.C. metropolitan area, including:

  • Bonuses AND profit-sharing!
  • 401k Matching
  • Certifications and training allowance $2,500/year
  • 3 weeks of personal leave your first year (160 hours can roll over every year)
  • 5 days of Flex-Time-Off per year

Equal Opportunity/Affirmative Action Employer. Must be eligible for employment in the United States. We are unable to sponsor candidates at this time.

In 1994 Gunnison Consulting Group began serving the greater Washington, D.C. metro area, focused on tackling our customers' most ambitious technology projects. By creating a culture dedicated to enabling our customers and employees to achieve more than they ever thought they could, the company has thrived for over 25 years.


Gunnison Consulting Group Inc job posting for a Senior IT Audit & Compliance Specialist in Washington, DC with a salary of $106,400 to $139,800 Yearly with a map of Washington location.