RICHMOND, VA, USA
4 days ago
IT Auditor
Job Seekers, Please send resumes to resumes@hireitpeople.com

Short Description:

 

DPOR Security Auditor

Contract duration is 6 Weeks

*Local Candidates Preferred

 

Complete Description:

 

IT Security Audit will assess the effectiveness of controls over five of DPOR's applications and compliance with COV ITRM SEC519-00, IT Security Policy, COV ITRM SEC 501-01

 

Overall, the IT Security Audit will assess the effectiveness of controls over five of DPOR's applications and compliance with Commonwealth of Virginia (COV) IT Information Security Policy (SEC 519-00), IT Information Security Standard (SEC501-07.1) , IT Security Audit Standard (SEC502-02.1, IT Systems Management Procedures for DPOR applications,  and any legal requirements and best practices.  Specifically, the objectives of the IT System Audit are to determine whether the IT security controls for the five applications are documented and provide reasonable assurance that:

 

1. Physical access to the production environment, stored data, and documentation is restricted to prevent unauthorized destruction, modification, disclosure, or use.

2. Logical access to the production environment, data files, and sensitive system transactions, is restricted to authorized users only.

3. The production environment is protected against environmental hazards and related damage.

4. Regularly scheduled processes that are required to maintain continuity of operations in the event of a catastrophic loss of data, facilities, or to minimize the impact of threats to data, facilities or equipment, are performed as scheduled.

5. Roles and responsibilities are adequately defined, documented and assigned to persons with an adequate technical training and role based IT Security technical training is planned and received.

6. System hardening measures have been applied to the applications adequate to protect them against risks to which it is exposed.

 

REQUIRED SKILLS:

• Significant IT security audit experience (prefer government-related IT Audit exp)

•  Working knowledge and understanding of Commonwealth of Virginia IT security standards

•  Exceptional written and verbal communication skills required to interact effectively with all levels of the organization.

 

Additional Requirements:

 

Current Certification as a CISA or CPA (Must have at least one of these)

 

Bachelors Degree in Information Systems or related area plus three years experience or six years overall experience.

 

 

Skills:

Skill

Required / Desired

Amount

of Experience

 

CISA or CPA

Required

5

Years

Recent IT security audit exp (government setting pref)

Required

3

Years

Working knowledge of IT Information Security Policy (SEC 519-00)

Desired

3

Years

Working knowledge of IT Information Security Standard (SEC501-07.1)

Desired

3

Years

Working knowledge of IT Security Audit Standard (SEC502-02.1)

Desired

3

Years

Knowledge, understanding, and experience with COBIT framework

Highly desired

3

Years

Familiarity with pertinent industry IT guidelines (NIST, ISO, GTAG)

Highly desired

3

Years

Graduate of an accredited college or university with major studies

Required

5

Years

 

 

Do you have a current certification as CISA or CPA. Pls provide name of cert and year received.

 

Do you have prior exp successfully performing government-related IT security audits? Pls list agency name. A completed professional reference from agency mgr (where prior audit was performed) should be attached as separate document.

Confirm your E-mail: Send Email