This job has expired

IT Program Auditor

Employer
VariQ Corporation
Location
Arlington, VA
Closing date
Jan 25, 2021
Overview
VariQ has an exciting opportunity for a highly qualified IT Program Auditor located in Arlington, VA.

IT Program Auditor
Conducts evaluations of an IT program or its individual components to determine compliance with published standards.

Additional Information
Location: Arlington, VA
Salary: Dependent upon experience
Available upon award, currently in the proposal stage

Responsibilities
Develop methods to monitor and measure risk, compliance, and assurance efforts.
Provide ongoing optimization and problem-solving support.
Provide recommendations for possible improvements and upgrades.
Review or conduct audits of information technology (IT) programs and projects.
Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
Conduct import/export reviews for acquiring systems and software.
Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.

Qualifications

Skills
Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
Skill in conducting audits or reviews of technical systems.
Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.

Required Abilities
Ability to ensure security practices are followed throughout the acquisition process.

Required Knowledge
Knowledge of industry-standard and organizationally accepted analysis principles and methods.
Knowledge of information technology (IT) architectural concepts and frameworks.
Knowledge of Risk Management Framework (RMF) requirements.
Knowledge of resource management principles and techniques.
Knowledge of system life cycle management principles, including software security and usability.
Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
Knowledge of risk/threat assessment.
Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version ITIL).
Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
Knowledge of information technology (IT) acquisition/procurement requirements.
Knowledge of the acquisition/procurement life cycle process.
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Knowledge of cybersecurity and privacy principles.
Knowledge of cyber threats and vulnerabilities.
Knowledge of specific operational impacts of cybersecurity lapses.

Preferred Experience and Certifications
This requires 7+ years of relevant cyber security experience and is a Senior Position.

Relevant Certifications
CompTIA Advanced Security Practitioner (CASP)
CompTIA Security+
EC Council EC-Council Certified Ethical Hacker (CEH)
FISMA Certified FISMA Compliance Practitioner (CFCP)
GIAC Certified Penetration Tester (GPEN)
GIAC Certified Windows Security Administrator (GCWN)
GIAC Critical Controls Certification (GCCC)
GIAC Systems and Network Auditor (GSNA)
ISACA Certified Information Systems Auditor (CISA)
ISC2 Certified Authorization Professional (CAP)
ISC2 Certified Information Systems Security Professional (CISSP)
ISC2 Systems Security Certified Practitioner (SSCP)

Other Duties
Please note this job description is not designed to cover a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Physical Demands and Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the functions. While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand, walk, sit, and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.

Note
This job description in no way states or implies that these are the only duties to be performed by the employee(s) incumbent in this position. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. All duties and responsibilities are essential functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the incumbents will possess the skills, aptitudes, and abilities to perform each duty proficiently. Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.

VariQ is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or any other protected class. We consider diversity and inclusiveness to be core to our culture, and central to our commitment to fostering an empowering and supportive workplace.
