• IT Controls/Audit Analyst

    Job Locations US-VA-Fort Belvoir
    Posted Date 2 months ago (5/30/2018 10:16 AM)
    Job ID
    # of Openings
  • Overview

    Position is on the research staff of a private, not-for-profit government consulting firm located in McLean, VA. Work will be at client location in Fort Belvoir, VA. The successful candidate for this position will provide expertise in several areas of internal controls and risk analysis.


    Specific requirements include:

    • Execute within a small high-performing team to provide analytical support to military (highest ranking: O-6 / Colonel), civilian (highest ranking: GS-15) and contractor support team. Principal responsibilities include serving as the information technology (IT) audit subject matter expert providing advice and guidance on Statement on Standards for Attestation Engagements (SSAE) 18 examination and financial statement audits to the U.S. Army for its ACAT-1AC Business System Enterprise Resource Planning (ERP) logistics portfolio.
    • Provide assistance to the team in coordinating responses to requests from Independent Public Accountant (IPA) audit firm(s) relative to the Provided by Client (PBC) lists, Meeting Request Lists (MRLs), sample requests, and follow-up questions across both the general fund and working capital fund audits. Support may include uploading artifacts to the Army Audit Response Tool (AART), taking notes at meetings, ensuring work products are stored to the team’s shared spaces, and similar hands-on efforts. Support also includes staying abreast of current efforts, sending reminders to ensure suspense dates are met, and advising government leadership of emerging issues so they can be resolved quickly. 
    • Develop status reports, provide meeting coordination support, and participate in site visits to AESIP programs when requested.
    • Interpret FISCAM requirements and their relationship to system documentation and controls.
    • Assist in evaluating issues lists and draft Notice of Findings and Recommendations (NFRs).
    • Review programs within the AESIP portfolio to advise where adjustments to existing controls or implementing additional controls are required to ensure the CUECs identified in service provider SOC1 or SOC2 reports are addressed. Assist programs as needed to document and implement the additional controls.
    • Assist AESIP programs in identifying Service Organizations that impact their internal controls over financial reporting, review Service Organization SOC Reports, and evaluate Complementary User Entity Controls (CUECs) and Complementary Sub Service Organization Controls (CSOCs).
    • Assist government lead and team in tracking the remediation of NFRs, Corrective Action Plan (CAP) and Plan of Action and Milestones (POAM) identified in Army logistics IT systems by Independent Public Accountant (IPA) audit firm(s).
    • Support ongoing governance of enterprise Governance Risk and Compliance (GRC) implementation efforts within systems, utilizing knowledge of GRC tools and best practices by reviewing Critical Action (CA) and Segregation of Duty (SOD) Reports.
    • Support program risk management efforts, including identifying emerging risks, recommending risk mitigation strategies, and updating risk status.
    • Advise when the organization’s policies, processes or procedures should be updated to remediate auditor findings, and assist with updates as required.
    • Coordinate with cybersecurity teams to integrate remediation of auditor notices of findings and recommendations (NFRs) with other system findings identified via the RMF, and captured in eMASS, when appropriate for fully-integrated cybersecurity management.
    • Apply analytical expertise to advise and assist ongoing financial compliance, IT Controls, and financial and internal control management regulation implementation efforts within the Army enterprise as a component of financial audit. Recent focus is on Army-wide solutions for terminated & transferred personnel, as well as centralized data management.
    • Coordinate to document and share lessons learned across programs.


    • US citizen with active Secret clearance.
    • Bachelor’s degree or higher in business, information technology, information systems management, accounting, financial management or similar discipline.
    • Minimum three (3) years of experience with SSAE 16/18 engagements with five (5) to eight (8) years’ experience supporting financial statement audit response and internal control over financial reporting.
    • Experience performing CSOC and CUEC analysis highly desirable.
    • Working knowledge of internal control frameworks - NIST, COSO, Standards for Internal Control in the Federal Government (Green Book).
    • Working knowledge of SSAE 16/18 Exam and SOC 1 and SOC 2 reporting processes.
    • FMFIA, OMB Circular A-123, FISMA of 2014, FISCAM, FFMIA, and 10 USC Section 2222 experience highly desirable.
    • Knowledge of SAP / GRC desirable.
    • Critical thinking, research, analytical and problem-solving skills.
    • Minimal travel outside the National Capital Region anticipated in order to coordinate with remote AESIP locations and related programs as necessary.

