What are the responsibilities and job description for the IT Auditor position at NFF Inc?
About NFF
Since 1996, NFF has designed, architected, and delivered IT network and security solutions to many state and local government agencies, K-20 educational institutions, federal agencies, and large enterprise businesses across the mid-Atlantic. NFF is a technology services and solutions provider, specializing in next-generation IT infrastructure including networks, data centers, cloud migrations, IT security, collaboration and mobility, and full/part-time staff augmentation services. Our solutions, professional services and IT staffing portfolio are centered around building more resilient, secure, adaptive, and intelligent IT infrastructure and include comprehensive assessment, architecture, design, integration and installation services, and ongoing performance management services through our Network Operations Center (NOC).
NFF is a Cisco Gold Partner with a Customer Experience Specialization and was a “Cisco Top-5 Mid-Atlantic SLED Partner” in 2019, 2020 and 2022. NFF has maintained Cisco Gold Partnership since 2008 and is the only Cisco Gold Partner headquartered in the District of Columbia. In addition to Cisco, NFF has key partnerships with many manufacturers and IT solution providers including Rapid7, Arctic Wolf, VMware, NetApp and Splunk.
NFF is a District of Columbia (DC) Certified Business Enterprise (CBE) and an SBA Certified Small Business with headquarters in downtown Washington, DC. Our dedication to quality is reflected in our accomplishment of being awarded multiple ISO 9001:2015 certifications.
About this Position / Responsibilities
- Security Information Gathering: Administer and review standardized information gathering (SIG) questionnaires to assess vendor security controls and conduct onsite visits for high-risk vendors to verify compliance with security practices.
- Vendor Risk Assessment: Conduct thorough initial risk assessments for new vendors to evaluate their security posture, financial stability, and compliance with regulatory requirements. Categorize vendors by risk level (low, medium, high) based on data sensitivity and system access.
- Control Testing and Evaluation: Conduct regular control testing and evaluate the design and operating effectiveness of the IT key controls environment to ensure adherence to established security policies (ITGC - Information Technology General Controls).
- Periodic Audits and Reviews: Conduct periodic audits and reviews to ensure compliance with contractual obligations and regulatory requirements.
- Policy Development and Enforcement: Enforce adherence to security policies aligned with federal standards (e.g., NIST SP 800-53) and require vendors to participate in security training programs to maintain awareness of security policies and best practices.
- Third-Party Risk Management: Oversee third-party risk management to ensure risks are identified, assessed, and mitigated, and provide regular reports to maintain transparency and accountability in the risk management process.
Qualifications
- Minimum of 5 years’ experience in the private or government sector.
- Proficiency in administering and reviewing standardized information gathering (SIG) questionnaires.
- Ability to conduct thorough risk assessments, evaluate security posture, financial stability, and compliance with regulatory requirements.
- Experience in conducting regular control testing and evaluating the effectiveness of IT key controls (ITGC).
- Knowledge of conducting periodic audits and reviews to ensure compliance with contractual and regulatory requirements.
- Familiarity with developing and enforcing security policies aligned with federal standards (e.g., NIST SP 800-53).
- Skills in overseeing third-party risk management, identifying, assessing, and mitigating risks, and providing regular reports.
- BS or equivalent job experience.
NFF Disclosures
NFF offers a competitive salary, comprehensive benefits and flexible paid time off options for eligible employees:
- Medical, Dental and Vision, Health Savings Account, Flexible Spending Account
- STD, LTD, Supplemental life insurance and AD&D
- Comprehensive 401k plan
- Paid Time Off
NFF is an Equal Opportunity Employer.
Important Notice: All NFF Inc communications come from @nffinc.com. Emails from other domains claiming to be NFF are likely scams. Be cautious, verify senders, and report suspicious messages immediately.