What are the responsibilities and job description for the IT Audit Lead position at Synapse Business Systems?
Job Details
Position: IT Audit Lead
Location: Washington, D.C. (Hybrid)
Key Responsibilities:
Lead IT Governance, Risk, and Compliance (GRC) and audit-related initiatives.
Oversee daily audit activities, including preparing Provided By Client (PBC) documentation, scheduling walkthroughs, and creating audit briefings.
Design and deliver audit programs and training to ensure consistent and high-quality audit execution.
Establish and maintain strong relationships with clients and internal teams to identify and address IT security concerns and opportunities.
Develop and promote best practices and tools for audit management; spearhead remediation initiatives.
Manage responses to audits conducted by the Office of Inspector General (OIG) and other external agencies (e.g., IRS, DHS).
Draft audit narratives, gather and vet supporting evidence, and oversee closure of audit recommendations.
Review and prepare IT security artifacts for submission to federal oversight and audit bodies.
Direct the planning, execution, and closure of POA&Ms.
Analyze issues identified in control assessments and audit findings, collaborating with subject matter experts (SMEs) to recommend solutions.
Coordinate with stakeholders to define and manage remediation milestones.
Support broader IT GRC efforts, including standards management, exception approvals, and waivers.
Provide project management support by developing schedules, reports, briefings, and plans.
Oversee risk assessments, impact analyses, and risk acceptance activities.
Collaborate with SMEs to update and maintain security documentation to reflect the current security posture.
Lead cross-functional efforts to develop thorough, coordinated responses to audit requests, including creating detailed briefings and presentations.
Qualifications:
Education & Experience:
Bachelor's degree with 9 years of relevant experience, Master's degree with 7 years, or PhD/JD with 4 years.
Minimum of 2 years of experience supporting or conducting IT security audits.
Experience managing teams of three or more direct reports.
Certifications:
Industry-recognized certifications such as CISSP, CISA, or equivalent.
Technical Expertise & Knowledge Requirements:
Deep understanding of NIST Special Publications, particularly NIST SP 800-53, FISMA, and relevant audit/security standards.
Familiarity with OMB Circulars A-123 and A-130, FMFIA, and FISCAM frameworks.
Awareness of current IT trends, risks, and security standards.
Skills & Competencies:
Strong leadership skills with a proven ability to manage cross-functional and technical teams.
Excellent organizational, time management, and multitasking abilities.
Customer-focused with a collaborative mindset and strong interpersonal skills.
Effective at leading meetings, securing stakeholder alignment, and adapting to evolving priorities.
Excellent written and verbal communication skills, capable of presenting technical information to non-technical audiences.
Strong analytical and critical thinking skills with the ability to assess risk and implement mitigation strategies.
Proficiency in Microsoft Office Suite (Word, Excel, Visio, PowerPoint, Project) and SharePoint.
Ability to provide thorough and constructive feedback to ensure high-quality deliverables.
Working knowledge of IT platforms and environments such as Microsoft, Cisco, and Oracle.
Experience with SharePoint lists and workflows is highly preferred.