IT Advisory Manager
About the role
The IT Advisory Manager will lead stakeholder engagement and technical delivery for efforts supporting federal agencies with IT controls assessments and program evaluations. This is an ideal role for someone with an information security and assurance or IT audit background who is looking to utilize their skills to work with the federal government to analyze IT control weaknesses, identify root causes, and develop remediation plans.
Responsibilities
- Leading a team of IT security auditors performing IT risk and controls assessments
- Performing rigorous assessments of IT controls using industry-standard guidance and leading practices
- Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators
- Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings
- Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement
- Documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
- Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
- Planning and executing day-to-day activities of IT controls assessments individually and for the team
- Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
- Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel
Requirements
- An ACTIVE and MAINTAINED TOP SECRET/SCI federal security clearance with a Counterintelligence (CI) polygraph
- A Bachelor’s degree in information technology or business-related field
- SIX (6) or more years' experience providing IT consulting services focused on IT Risk and Controls. Experience should include but not be limited to:
- Understanding and knowledge of federal information security and assurance laws, requirements, and guidance (i.e. FISMA, NIST SP 800, FISCAM)
- Ability to obtain a DoD 8570.01-M (IAT III) certification (i.e. CASP+CE, CISSP, CISA, GCED, GCIH, CCSP) within the first 90 days of starting at Guidehouse
Qualifications
- Experience in consulting with the federal government to include senior government clients
- Knowledge of IT risk and controls through IT audits, IT control assessments, and IT security reviews
- Knowledge of FISMA, NIST SP 800 series, FISCAM, and other relevant Federal information assurance laws, regulations, and guidance
- Experience performing FISMA, OMB Circular A-123, or similar internal control assessments
- Experience remediating and implementing IT controls
- Experience testing or remediating the following IT controls topic areas is preferable: Access and account management, Segregation of duties, Technical account management controls, Audit logging and monitoring, Configuration management, Change management, Contingency planning
Skills
- Obtaining a DoD 8570.01-M (IAT III) certification (i.e. CASP+CE, CISSP, CISA, GCED, GCIH, CCSP) within the first 90 days of starting at Guidehouse
- Demonstrated knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews
- Knowledge of FISMA, NIST SP 800 series, FISCAM, and other relevant Federal information assurance laws, regulations, and guidance
- Experience performing FISMA, OMB Circular A-123, or similar internal control assessments
- Experience remediating and implementing IT controls
- Experience testing or remediating the following IT controls topic areas is preferable: Access and account management, Segregation of duties, Technical account management controls, Audit logging and monitoring, Configuration management, Change management, Contingency planning
Benefits
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace. Benefits Include Medical, Rx, Dental & Vision Insurance, Personal and Family Sick Time & Company Paid Holidays, Position may be eligible for a discretionary variable incentive bonus, Parental Leave and Adoption Assistance, 401(k) Retirement Plan, Basic Life & Supplemental Life, Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts, Short-Term & Long-Term Disability, Student Loan PayDown, Tuition Reimbursement, Personal Development & Learning Opportunities, Skills Development & Certifications, Employee Referral Program, Corporate Sponsored Events & Community Outreach, Emergency Back-Up Childcare Program, Mobility Stipend
Pay
Competitive compensation based on experience and qualifications
Schedule
Full-time position with occasional travel up to 10%