Job Requirements
Remote Alexandria, VA
Secret Polygraph Unspecified
Mid Level Career (5+ yrs experience)
$90,000 - $97,000
Job Description
Lynch Consultants is seeking a Sr. IT Auditor with Service Organization Controls/SOC experience to support Information Technology (IT) audit engagements and Complementary User Entity Control (CUEC) assessments. Duties will include service provider identification and risk assessment, evaluation of service provider controls to address risks, completion of documentation and test of control design, development of test plans and completion of testing of control operating effectiveness, and development and implementation of corrective actions.
Only applicants who fully satisfy all required qualifications will be considered for further review.
Salary: $90,000 - $97,000/yr commensurate with experience
Work Location and Schedule:
- This work is 100% remote, but candidates must be local to the National Capital Region (District of Columbia, Maryland, or Virginia) for potential onsite work in Alexandria, VA.
Required Qualifications – Must Have:
- MUST have a Bachelor's or Master's degree in a Business-related field
- MUST have an active Secret Clearance
- MUST have 5+ years of experience with ITGC and SOC Audits in the federal space.
- MUST have knowledge of, and be able to provide, Quality Assurance (QA) review of IT control documentation, test plans, and Key Supporting Document (KSD) packages prior to submission for audit or Statement of Assurance purposes.
- MUST have knowledge of support testing of IT General Controls (ITGCs), which includes User Access Management (provisioning, de-provisioning, privileged access), Change Management, Configuration Management, System Interfaces, and Data Transfers.
- MUST have experience with Internal Controls Over Financial Systems (ICOFS): develop test plans to validate that internal controls are in place for ICOFS/Complementary User Entity Controls (CUECs).
- MUST understand A-123 Statement of Assurance IT requirements
- MUST understand Service Organization Controls (SOC) and Complementary User Entity Control (CUEC) assessments and implementation.
- MUST understand FISCAM, NIST 800-53, and Federal financial system controls.
Preferred Qualifications:
- CPA (Certified Public Accountant)
- CDFM, CGFM/DoD FM Certification
Skills and Job Duties:
- Development and execution of ITGC test plans (Test of Design).
- Conduct Test of Effectiveness (ToE) procedures, including walkthroughs, sampling, and evidence validation.
- Validate completeness and accuracy of IT control populations and samples used for testing.
- Support Statement of Assurance (SoA) IT inputs, including identification of IT risks, mapping of IT controls to financial reporting objectives, and documentation of IT control ownership.
- Assist in drafting SoA narratives and flowcharts related to IT systems, including control descriptions, risk statements, and remediation status.
- Review SOC 1/SOC 2 reports to identify CUECs applicable to the DoW Agency.
- Support mapping of SOC controls to internal DoW Agency IT controls and assist in documenting reliance strategies.
- Conduct Audit Engagement support including development, QA review, validation, and submission of IT and business process documentation in response to audit Prepared By Client (PBC) requests.
- Review Notice of Findings and Recommendations (NFRs) and develop or recommend Corrective Action Plans (CAPs) to remediate deficiencies and weaknesses.
- Monitor and assess the implementation and validation of CAPs.
- Provide Risk Management and Remediation to include providing expertise, recommendations, and industry best practices to support continuous improvements and increased feedback throughout the Audit Engagement and Audit Remediation processes, to include guidance, business rules, and process workflows.
- Provide Audit Remediation Data Management using information provided by stakeholders.
- Perform timely uploads or updates to CAP-related documentation in the designated audit remediation tool and provide an update to customer management.
- Perform data analytics to assess the risk of misstatement from CAPs that are not fully remediated.
- Assess remediation testing results to determine sufficiency of remediation procedures.
- Conduct a review of Statements of Assurance (SOA) for accuracy and completeness as they relate to ICOFS. This includes providing advice and performing reviews, assessments, and a gap analysis against Federal Information Systems Control Audit Manual (FISCAM) requirements and NIST 800-53 standards and controls.
- Develop, update, and review Memorandums of Understanding (MOUs) with service providers to include CUEC roles and responsibilities.
- Perform ITGC testing (access management, change management, configuration).
- Quality Assurance reviews of audit workpapers and control documentation.
- Notice of Findings and Recommendations (NFRs), Corrective Action Plans (CAPs), Test of Operating Effectiveness (TOE), Test of Design (TOD), and Service Organization Controls (SOC) Reports
- Management of IT audit evidence repositories (SharePoint, Teams, etc.)
If you are a highly motivated individual with the ability to solve complex issues, take on new responsibilities, build relationships and think in unique and innovative ways, we are looking for you!
Why Join LC?
At Lynch Consultants (LC), your career growth is unlimited. We offer a competitive compensation package, employer-supported 401(k), world-class health benefits, paid vacation and holidays, plus programs that support your well-being.
You’ll gain:
- Competitive total compensation: Our starting salaries are competitive, and our total compensation package goes even further. You have the chance to earn performance and referral bonuses, plus a profit-sharing bonus available to eligible associates.
- Flexible career architecture: We encourage growing in your own way, whether that be moving up, moving across, or staying at your current level while taking on new challenges.
- Unlimited promotion opportunities: We don’t have a cap on advancement at Lynch. If you’re ready to take on more responsibility and leadership, the opportunity is there.
- Your career, your choice: Your timeline. Your path. Your definition of success. Whether you want to sprint towards partnership, explore different service lines, or master your craft at your current level, we’re here to support you.
About Us:
Lynch Consultants, LLC is an Equal Opportunity Employer. We are a premier Federal professional services firm where your work makes a real difference. We value purpose, growth, and impact, and we proudly support and encourage applications from U.S. military veterans.