• IT Audit Specialist-Agile

    CACI InternationalAshburn, VA 20147

    Job #1775116826

  • IT Audit Specialist-Agile

    Job Category: Information Technology

    Time Type: Full time

    Minimum Clearance Required to Start: None

    Employee Type: Regular

    Percentage of Travel Required: Up to 10%

    Type of Travel: Local

    Job Description

    CACI is currently looking for a Security IT Audit Specialist with agile methodology experience to join our BEAGLE (Border Enforcement Applications for Government Leading-Edge Information Technology) Agile Solution Factory (ASF) Team supporting Customs and Border Protection (CBP) client located in Northern Virginia! Join this passionate team of industry-leading individuals supporting the best practices in Agile Software Development for the Department of Homeland Security (DHS).

    As a member of the BEAGLE ASF Team, you will support the men and women charged with safeguarding the American people and enhancing the Nation's safety, security, and prosperity. CBP agents and officers are on the front lines, every day, protecting our national security by combining customs, immigration, border security, and agricultural protection into one coordinated and supportive activity.

    ASF programs thrive in a culture of innovation and are constantly seeking individuals who can bring creative ideas to solve complex problems, both technical and procedural at the team and portfolio levels. The ability to be adaptable and to work constructively with a technically diverse and geographically separated team is crucial.

    The Security IT Audit Specialist with both strong application and network security delivery skills will need to have a deep technical understanding of Cybersecurity and financial audit practices. They will work as an integral part of a highly productive team of seasoned technical professionals who thrive on supporting our customer's mission and growth objectives- responsible for designing, developing, leading, and implementing secure application and infrastructure capabilities for a variety of legacy and modernized systems and applications.

    They will work in close collaboration with software developers/engineers, quality assurance engineers, stakeholders, and end users within Agile Engineering processes. They must have a working knowledge of enterprise class information assurance requirements, FISCAM, and network security and survivability.

    They will also be responsible for supporting development of a spectrum of engineering artifacts that adequately, but succinctly captures system security requirements, application and network security design, and network security architecture. This position is responsible for ensuring that all assigned work activities are performed in a timely, secure, compliant and cost-effective manner while maintaining the highest quality of performance.

    What you'll get to do:

    Serve as an Internal Audit Sustainment Team member responsible for the Audit Readiness, Sustainment and Security of custom coded and COTS applications and databases. Responsible for activities associated with delivery of Cybersecurity technical control implementation, configuration, and architectural solutions associated with customer-defined systems/software projects; basic responsibilities include:

    • Implement Technical Audit Sustainment Program strategy

    • Understand and assist developers with FISCAM compliance

    • Enable assurance for information security during all phases of agile system development and deployment

    • Secure SAP and custom designed financial support systems

    • Assess entire system lifecycle requirements and network security impacts

    • Enhance - Implement Cybersecurity vulnerability/ hardening testing

    • Optimize - Cybersecurity development environment certification

    • Work with SAP security administrators to ensure Separation of Duties, Access Controls, and audit support functionality is incorporated into the system

    • Work with the CBP Independent Public Accountant (IPA) that is auditing the system by responding to request for information (RFI)s and delivering Provided by Client (PBC) data to the auditor.

    • Develop Corrective Action Plans (CAPs) in response to Notifications For Record (NFRs) received from the IPA

    • Evaluate the implementation and compliance of SAP GRC by working with SAP Security Administrators

    • Architect & Engineer security - develop security goals, capabilities, controls, and architecture

    • Maintain security posture - audit security settings, track security training, monitor threats, track reaccreditation and assist with synchronizing efforts for compliance with FISCAM and RMF

    • Continuously evaluate and recommend innovative proven best business practices and tools to enhance defense-in-depth

    • Monitor and inspect for approved software usage and implementation of approved security enabled software and tools

    • Works to achieve, team objectives, operational plans with measurable contribution towards the achievement of results of the job function or completion of a project.

    • Assist CBP with maintaining compliance with OMB Circular A-123 supporting management responsibilities for internal controls

    • Apply information security in accordance with National/DHS/CBP directives security policy

    You have:

    Must be a U.S. Citizen with the ability to pass CBP background investigation, criteria will include:

    • 3-year check for felony convictions

    • 1-year check for illegal drug use

    • 1-year check for misconduct such as theft or fraud

    College degree (B.S., M.S.) in Computer Information Systems, Finance or a related discipline

    Certifications: minimum Security+ CE or equivalent, CISSP, CISM or CISA preferred

    Professional Experience: Seven (7+) years of technical experience and five (5+) years related with IT Financial Audit or FISCAM compliance

    CISA and CISM experience

    Bonus would be having:

    • Experience as SAP Security Administrator

    • Experience on an audit team for an IPA

    • Knowledge for GRC tools to enhance compliance such as Greenlight and SAP GRC

    • Experience as an Information System Security Officer (ISSO) for a system

    • Big 4 experience

    • Cloud salesforce expereince

    You're good at:

    Working knowledge of and ability to assist others in the use of information security provisioning and monitoring tools to support process improvement

    Ability to apply advanced principles, theories, and concepts, and contribute to the development of innovative IA principles and ideas

    Experience working on unusually complicated problems and providing solutions that are highly creative and ingenious, exhibiting ingenuity, creativity, and resourcefulness

    Determining how Governance Risk and Compliance Tools (SAP GRC, Greenlight, etc..) can enhance compliance

    Implementing FISCAM, RMF, and NIST security solutions

    Developing compliance solutions for OMB Circular No. A-123 (management's responsibility for internal control in Federal agencies)

    Acting independently to expose and resolve problems

    Excellent written and verbal communication skills

    Strong collaboration skills and desire to work within a team

    Highly responsible, team-oriented individual with very strong communication skills and work ethic; self-starter

    What We Can Offer You:

    • We've been named a Best Place to Work by the Washington Post.

    • Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.

    • We offer competitive benefits and learning and development opportunities.

    • We are mission-oriented and ever vigilant in aligning our solutions with the nation's highest priorities.

    • For over 55 years, the principles of CACI's unique, character-based culture have been the driving force behind our success.

    Company Overview: At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.

    As required by Executive Order 14042, Federal contractor employees are required to be fully vaccinated against COVID-19 by December 8, 2021 regardless of the employee's duty location or work arrangement (e.g., telework, remote work, etc.), subject to such exceptions as required by law. If selected, you will be required to be vaccinated against COVID-19 and submit documentation of proof of vaccination before starting employment with CACI.