External Auditor

About NFF

Since 1996, NFF has designed, architected, and delivered IT network and security solutions to many state, and local government agencies, K-20 educational institutions, federal agencies, and large enterprise businesses across the mid-Atlantic. NFF is a technology services and solutions provider, specializing in next-generation IT infrastructure including networks, data centers, cloud migrations, IT security, collaboration and mobility, and full/part-time staff augmentation services.   Our solutions, professional services and IT staffing portfolio are centered around building more resilient, secure, adaptive, and intelligent IT infrastructure and include comprehensive assessment, architecture, design, integration and installation services, and ongoing performance management services though our Network Operations Center (NOC).  

NFF is a Cisco Gold Partner with a Customer Experience Specialization and was a “Cisco Top-5 Mid-Atlantic SLED Partner” in 2019, 2020 and 2022. NFF has maintained Cisco Gold Partnership since 2008, is the only Cisco Gold Partner headquartered in the District of Columbia. In addition to Cisco, NFF has key partnerships with many manufacturers and IT solution providers including, Rapid7, Arctic Wolf, VMware, NetApp and Splunk.

NFF is a District of Columbia (DC) Certified Business Enterprise (CBE) and a SBA Certified Small Business with headquarters in downtown Washington, DC. Our dedication to quality is reflected in our accomplishment of being awarded multiple ISO 9001:2015 certifications.

About this Position / Responsibilities

• The External Auditor Consultant shall deliver, but not limited to, the following:
• • Thoroughly assess and validate the SOX Risk Control Matrices (RCM’s) for identified systems of record against Board policies. Document findings and recommendations.
  • Crosswalk the SOX RCMs against the TS/ Board Information Security Program (BISP) standards and procedures and document the results.
  • Provide recommendations, develop action plans, and help implement capabilities to improve compliance and security practices.
  • Document updates to compliance related policies, processes, procedures, and/or standards as directed by the compliance team.
• Participates in the process to evaluate, develop, maintain, and update the technology compliance program. Advises the technology support officer and technology managers on compliance, information security, and internal controls.
• Prepares the technology departments for the yearly financial statement audit and SOX internal control reviews.
• Assist in developing required documents in support of internal SOX or FISMA reviews.
• Develop solutions with team members to minimize vulnerabilities.
• Advises the technology officer of SOX and compliance issues and recommends solutions
• Provides a weekly status report to the COR documenting concerns, issues, risks, and progress.
• Recommends and helps implement GRC Tools to increase automation in the areas of compliance, auditing, and vulnerability detection for the branch.
• Perform weekly Splunk/audit log reviews and report any anomalies
• Evaluate system documentation to meet compliance requirements
• Assists with building governance and risk management tasks and activities for the team and management review
• Designs, tests and reviews controls for compliance and ensures proper documentation is recorded.
• Creates audit and monitoring reports used by the team, as directed.

Qualifications

• Experience with financial applications
• Experience with evaluating cloud internal controls reports, SOC-1 and SOC-2
• Simultaneously works on several complex assignments requiring analysis of control applicability and evaluation of control gaps for financial systems.
• Experience with supporting financial IT audits and successfully developing audit and security related system documentation to reduce risk and meet control requirements desired.
• Experience with performing system audit log reviews via Splunk tool
• Experience assessing and evaluating NIST 800-53 controls
• Experience in developing a Risk Control Matrix, Test of Design and Test of Effectiveness (TOD/TOE)
• Must have at least five years of progressively responsible experience in the information technology arena as an IT auditor, IT security analyst, IT manager, business analyst, system administrator or a combination of these.
• Possess clear, concise, and effective verbal and written communication and project management skills needed for functioning in an unstructured matrix management environment.
• Work independently and meet deadlines for assigned tasks
• Experience with assessing IT systems leveraging SOX, FISCAM, COBIT, or FISMA Compliance strongly desired.
• CISSP or CISA certification strongly desired.
• Experience with Workday or Coupa a plus, but not required
• US Citizen preferred.  Green card holders allowed.

NFF Disclosures

NFF offers a competitive salary, comprehensive benefits and flexible paid time off options, for eligible employees:

• Medical, Dental and Vision, Health Savings Account, Flexible Spending Account
• STD, LTD, Supplemental life insurance and ADD&D
• Comprehensive 401k plan
• Paid Time Off

NFF is an Equal Opportunity Employer.

Important Notice: All NFF Inc communications come from @nffinc.com. Emails from other domains claiming to be NFF are likely scams. Be cautious, verify senders, and report suspicious messages immediately.