Information Systems Auditor Assessment Lead

Location: Washington, DC
ERPi is currently seeking a full-time Information Systems Auditor Assessment Lead to provide onsite support at our Washington, DC site.
The Role:
ERPi has been awarded a contract with the U.S. Securities and Exchange Commission (SEC) to provide the SEC Office of the Chief Information Officer (CIO) support in the development and implementation of Assessment and Documentation services for information privacy assurance.
The objective of this contract is to obtain privacy program support services for a variety of information technology (IT) systems and projects, including financial systems, which cut across all SEC Divisions and Offices.  The collections of personally identifiable information (PII), information in identifiable form (IIF) and sensitive PII require the assurance of data integrity provided by secure and trustworthy privacy and security controls.
We are looking for an Information Systems (IS) Auditor Assessment Lead to support our team in the creation of Privacy Controls Assessments (PCA) and Privacy Assessment Reports (PAR) for new and modified systems and projects against the SEC’s identified set of privacy controls.  The PCA should minimally include: System-Specific and Hybrid Privacy Control Testing; adherence to the SEC’s security and privacy program, policies and guidance; documentation review; personnel interviews; and observations. This work includes an assessment of risk levels, privacy information management, and remediation options to remove privacy risks.
Please note: this is primarily an on-site contract in Washington, DC.  Any regularly scheduled telework will require the approval of the SEC.
The IS Auditor Assessment Lead will lead ERPi team members (to include our Cybersecurity subject matter experts) and SEC stakeholders in the assessment of SEC systems that contain Personally Identifiable Information (PII), using an established privacy assessment framework.  The Assessment Lead will bring at least 8 years of experience in control assessment in a Federal environment.  The candidate should have excellent interpersonal, written and verbal communication skills.  In addition, this select candidate will:
  • Lead engagements with SEC system and business owners;
  • Plan, conduct, and oversee assessments of privacy controls;
  • Develop privacy control assessment plans;
  • Develop Privacy Assessment Reports (PAR) for said systems;
  • Maintain documentation for each assessed system.
The SEC’s mission is to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. That mission is challenged not only by the diversity and number of market participants and investors, and the systems and technology used to facilitate commerce, but also by the threats faced daily from cyber-attacks.  Any compromise or impact to the confidentiality, availability or integrity of those systems and data resulting from a cyber-attack may significantly impact markets, investor confidence, and assets.
Required Skills and Experience:
  • IS Auditor Assessment Lead with more than 8 years of proven control assessment and reporting in the Federal environment
  • Bachelor's Degree
  • Assessment management experience with information systems, and security and privacy controls
  • Strong oral and written communication skills (briefings, presentations, and training sessions)
Desired Skills and Experience:
  • Certification(s) in Privacy (such as CIPP/US or CIPP/G);
  • Certifications in system assessment (such as CISA, CISSP);
  • Experience supporting customers at the SEC is a plus;
  • Experience leading assessment teams;
  • Knowledge of the NIST Risk Management Framework (RMF);
  • Certified in Governance of Enterprise IT (CGEIT)
Clearance: Public Trust
ERPi is a Service-Disabled Veteran Owned Small Business (SDVOSB) specializing in management consulting for the federal government.  ERPi is undergoing a period of significant growth and offers talented candidates a chance to perform project management, strategic planning, process improvement, quality management, data analysis, and human capital planning on some of the Federal government’s largest and most complex business challenges. Our work environment is highly entrepreneurial and is staffed with some of the brightest and most capable technical and management consultants in the industry.  ERPi’s compensation and benefits plans are designed to attract and retain the industry’s most capable professionals and executives. We offer tuition reimbursement for selected graduate schools, 401(k) profit sharing, awards to recognize exceptional performance immediately, customized health plans, and charitable donation matching, in addition to competitive base salaries.
EEO Statement:
It has been and will continue to be a fundamental policy of ERPi not to discriminate on the basis of race, color, religion, sex, gender, sexual orientation, gender identity or expression, pregnancy, parental status, marital status, citizenship, national origin, age, disability, genetic information, military status, veteran status, or any other protected category with respect to recruitment, hiring, training, promotion, and other terms and conditions of employment.