IT and Cyber Risk Auditor
About the role
Help safeguard critical government systems by applying your hands-on ISSM/ISSO experience to security governance, risk evaluation, and compliance oversight. As an IT and Cyber Risk Auditor at GDIT, you will leverage your background managing RMF controls, system documentation, and continuous monitoring activities to deliver thorough, accurate, and mission-focused security assessments. This role is ideal for cybersecurity professionals who have previously served as an ISSM or ISSO and are seeking to transition into a dedicated risk, audit, and compliance position where you can influence security posture across multiple systems and programs.
Responsibilities
- Conduct comprehensive security audits and RMF control assessments in accordance with DCSA, JSIG, and SAP security requirements, leveraging prior ISSO/ISSM experience.
- Review, validate, and improve security documentation and artifacts such as SSPs, POA&Ms, Continuous Monitoring outputs, and other evidence required by RMF and DCSA assessment standards.
- Develop, implement, and oversee operational information system security policies and guidelines aligned with the Risk Management Framework (RMF), JSIG, and applicable DCSA directives.
- Evaluate system security controls for effectiveness, completeness, and compliance with NIST SP 800-53, DCSA/DoW requirements, JSIG standards, and internal organizational policies.
- Collaborate with ISSOs, ISSMs, SAP security personnel, and technical teams to analyze findings, recommend remediation actions, and ensure timely correction of identified vulnerabilities.
- Support ongoing ATO and SAP authorization maintenance by tracking assessments, evidence submissions, and documentation required throughout the RMF and JSIG lifecycles.
- Prepare and deliver clear, risk-focused briefings to system owners, DCSA assessors, SAP authorities, and other stakeholders regarding compliance status, audit results, and security-related decisions.
Qualifications
- Education: Bachelors degree
- Experience: 2+ years of related experience as a prior ISSO/ISSM. In lieu of degree, additional 4+ years of work experience/training/education will be required
- Certifications: IAT II (Security +, SSCP, CCNA Security)
- Technical skills: Strong understanding of NIST SP 800-53, DoW cybersecurity requirements, and control implementation/assessment practices. Familiarity with Windows/Linux environments, vulnerability tools, and security baselines. Prior SAP experience desired
Skills
- Strong understanding of NIST SP 800-53, DoW cybersecurity requirements, and control implementation/assessment practices.
- Familiarity with Windows/Linux environments, vulnerability tools, and security baselines.
- Prior SAP experience desired.
Benefits
- Comprehensive benefits and wellness packages
- 401(k) with company match
- Competitive pay and paid time off
- Award-winning culture of innovation and a military-friendly workplace
Pay
The likely salary range for this position is $81,349 - $110,055. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Schedule
Scheduled Weekly Hours: 40
Travel Required: Less than 10%
Telecommuting Options: Onsite Work Location: USA VA Falls Church
Total Rewards: At GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.