About the position
Kearney and Company is seeking a Senior Cybersecurity Assessment Analyst to join our growing team! Responsibilities include but not limited to:
Analyze auditor or assessor requests, identify appropriate documentation in coordination with control owners, and review response for appropriateness and compliance
Organize, monitor, and follow up on audit requests to provide timely responses
Communicate delays and risks with management
Review artifacts and draft FMFIA A-123 Appendix A workpapers for supervisor review
Conduct A-123 walkthroughs, draft client request, communicate findings
Perform review of Plans of Action and Milestones (POA&Ms) to determine sufficiency to remediate findings
Perform independent verification and validation (IV&V) of audit finding remediation and clearly document results for management review
Organize, monitor, and follow up on delayed audit finding remediation
Exercises intermediate knowledge in the use of technologies/systems
With supervisor assistance and oversight, prepare for and lead meetings with control owners
Performs other consulting duties, as needed
Mains all continuing Government and non-Government educational requirements, including GAGAS requirements
Responsibilities
• Analyze auditor or assessor requests, identify appropriate documentation in coordination with control owners, and review response for appropriateness and compliance
• Organize, monitor, and follow up on audit requests to provide timely responses
• Communicate delays and risks with management
• Review artifacts and draft FMFIA A-123 Appendix A workpapers for supervisor review
• Conduct A-123 walkthroughs, draft client request, communicate findings
• Perform review of Plans of Action and Milestones (POA&Ms) to determine sufficiency to remediate findings
• Perform independent verification and validation (IV&V) of audit finding remediation and clearly document results for management review
• Organize, monitor, and follow up on delayed audit finding remediation
• Exercises intermediate knowledge in the use of technologies/systems
• With supervisor assistance and oversight, prepare for and lead meetings with control owners
• Performs other consulting duties, as needed
• Maintains all continuing Government and non-Government educational requirements, including GAGAS requirements
Requirements
• Bachelor's degree in Computer Science, Information Systems, or a related field
• Minimum 2 years of experience performing external IT security assessments or audit liaison support for external IT security assessments
• Minimum 1 year of external assessment workpaper writing experience, under CIGIE or GAGAS fieldwork requirements
• 2 years of federal client experience and requisite understanding of key NIST publications
• Ability to be onsite 2 days a week in Alexandria, VA
• Professional communication skills and clear business writing
• Ability to obtain and maintain a U.S. security clearance (requires U.S. citizenship)
Nice-to-haves
• OMB A-123, OIG FISCAM, OIG FISMA assessment experience
• Diligent One, ServiceNow, ACL or HighBond experience
• Professional certification: CISSP, CISA, Security+, CC, CPA
Benefits
• Medical, Dental, Vision, Life, AD&D, and Disability Insurance
• 401(k) Retirement Plan and 529 Education Savings Plan
• Flexible Spending & Health Savings Account
• Accident, Critical Illness, Hospital Indemnity Insurances
• Legal Insurance and Pet Insurance
• Employee Assistance Program, fitness and wellness benefits, and other firm benefits
• Paid holidays, vacation, and sick time