SOC 2 and CMMC Internal Audit Liaison

Job Description:

• Work with our engineers, support representatives, and external auditors to develop and maintain audit programs.
• Perform complex, senior-level auditing and advisory work to develop a new audit program and processes for SOC2 and Department of Defense (DOD) Cybersecurity Maturity Model Certification (CMMC) / FedRAMP.
• Conduct research, benchmarking, examining and reviewing records & financial statements.
• Perform data & risk analyses, identify appropriate controls, assess business processes, and evaluate management processes.
• Manage the development of an appropriate audit scope, selection of an external auditor, and successful completion of audits annually.
• Continuously collect operational documentation and data samples to close process gaps or document accepted risk before a gap becomes a finding.
• Maintain relationships with external auditors to anticipate changes to audit focuses and prepare the organization.
• Educate the organization about audit requirements, risk analysis and controls, and assist with integrating best practices into existing operational framework.
• Identify and document corrective actions based on audit reports.
• Respond to client requests for documentation of processes and audit reports.
• Understand and follow changes to CUECs from partners and vendors.

Requirements:

• Auditing in accordance with generally accepted auditing standards and risk-based internal auditing.
• Basic information technology controls in a cloud environment.
• Analyzing, interpreting, and summarizing data, policies, and procedures for effective performance of audit work.
• Establishing and maintaining trust-based relationships with internal and external stakeholders.
• Have advanced writing and communication skills.
• Be willing to apply your skills across our small organization, from the low level (e.g. writing process documentation) to high level (e.g. developing organizational audit plans).
• Help us maintain the culture and values of our organization.
• Some experience with DOD cybersecurity requirements and contracts, e.g. NIST 800-171.
• Some experience with FedRAMP requirements.

Benefits: