Website Cotton & Company, LLP
Serving the Public Interest
Cotton & Company LLP has multiple openings in the Washington, DC area for senior IT auditors with 2 to 5 years of experience performing federal information security audits. We are looking for highly motivated and detail-oriented professionals to join our federal IT audit practice. Successful candidates will serve as project team members and perform detailed work on IT security audits for DoD and civilian agencies.
- Obtain, analyze, and evaluate audit evidence
- Assist the manager or partner with planning work on assigned audits, system reviews, or other related engagements
- Prepare audit documentation to support work performed
- Assist in preparing interview write-ups and memos
- Review the work of staff and provide timely and effective feedback
- Obtain information on task progress from staff and report to managers and/or partners regarding task status
- Report audit findings to seniors, managers, and/or partners and make recommendations for the correction of weaknesses
- Conduct testing and interviews and prepare work papers, write-ups, and memos
- 2 to 5 years of IT audit experience
- Experience planning IT audits desired
- Federal Information System Controls Audit Manual (FISCAM) experience
- Federal Information Security Management Act (FISMA) experience
- Experience with National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) and Special Publications (SP)
- Detailed understanding of information security risk management concepts
- Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) certification highly desired
- Bachelor’s degree from an accredited college or university in Information Systems, Accounting Information Systems, Decision Support Systems, Business Information Technology, or Information Security Assurance.
- Demonstrated proficiency in Microsoft’s Office, specifically Excel, Access, and Word
- Ability to work effectively with both a team and independently
- Ability to travel up to 35 percent annually
- Ability to obtain a U.S. federal security clearance (U.S. citizenship is required)
- Strong understanding of large-scale information technology systems, business processes, security regulatory risk management and security vulnerabilities
- Ability to apply a risk-based control framework to identify and evaluate complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement
- Ability to use established procedures to test IT controls and assess the design and operating effectiveness of general and application controls
At Cotton & Company, we believe that work should be both fun and intellectually challenging, while allowing for a healthy work/life balance. Our competitive compensation and benefits feature incentives such has professional certification, tuition reimbursement, and an individualized mentorship program.
You’ll find that we’re small enough to notice the performance of our employees and large enough to reward it. If you share our outlook and philosophies, we invite you to inquire about joining our team.
Cotton & Company is an Equal Opportunity Employer
To apply for this job email your details to firstname.lastname@example.org