Job Seekers, Please send resumes to resumes@hireitpeople.com
Short Description:
DPOR Security Auditor
Contract duration is 6 Weeks
*Local Candidates Preferred
Complete Description:
IT Security Audit will assess the effectiveness of controls over five of DPOR's applications and compliance with COV ITRM SEC519-00, IT Security Policy, COV ITRM SEC 501-01
Overall, the IT Security Audit will assess the effectiveness of controls over five of DPOR's applications and compliance with Commonwealth of Virginia (COV) IT Information Security Policy (SEC 519-00), IT Information Security Standard (SEC501-07.1) , IT Security Audit Standard (SEC502-02.1, IT Systems Management Procedures for DPOR applications, and any legal requirements and best practices. Specifically, the objectives of the IT System Audit are to determine whether the IT security controls for the five applications are documented and provide reasonable assurance that:
1. Physical access to the production environment, stored data, and documentation is restricted to prevent unauthorized destruction, modification, disclosure, or use.
2. Logical access to the production environment, data files, and sensitive system transactions, is restricted to authorized users only.
3. The production environment is protected against environmental hazards and related damage.
4. Regularly scheduled processes that are required to maintain continuity of operations in the event of a catastrophic loss of data, facilities, or to minimize the impact of threats to data, facilities or equipment, are performed as scheduled.
5. Roles and responsibilities are adequately defined, documented and assigned to persons with an adequate technical training and role based IT Security technical training is planned and received.
6. System hardening measures have been applied to the applications adequate to protect them against risks to which it is exposed.
REQUIRED SKILLS:
• Significant IT security audit experience (prefer government-related IT Audit exp)
• Working knowledge and understanding of Commonwealth of Virginia IT security standards
• Exceptional written and verbal communication skills required to interact effectively with all levels of the organization.
Additional Requirements:
Current Certification as a CISA or CPA (Must have at least one of these)
Bachelors Degree in Information Systems or related area plus three years experience or six years overall experience.
Skills:
|
Skill |
Required / Desired |
Amount |
of Experience |
|
CISA or CPA |
Required |
5 |
Years |
|
Recent IT security audit exp (government setting pref) |
Required |
3 |
Years |
|
Working knowledge of IT Information Security Policy (SEC 519-00) |
Desired |
3 |
Years |
|
Working knowledge of IT Information Security Standard (SEC501-07.1) |
Desired |
3 |
Years |
|
Working knowledge of IT Security Audit Standard (SEC502-02.1) |
Desired |
3 |
Years |
|
Knowledge, understanding, and experience with COBIT framework |
Highly desired |
3 |
Years |
|
Familiarity with pertinent industry IT guidelines (NIST, ISO, GTAG) |
Highly desired |
3 |
Years |
|
Graduate of an accredited college or university with major studies |
Required |
5 |
Years |
Do you have a current certification as CISA or CPA. Pls provide name of cert and year received.
Do you have prior exp successfully performing government-related IT security audits? Pls list agency name. A completed professional reference from agency mgr (where prior audit was performed) should be attached as separate document.
