Information Security Audit and Compliance Manager

Role Overview

• Lead and execute risk-based audits across IT governance, service delivery, project delivery, system development lifecycle, networks, infrastructure, and applications to assess control design and operating effectiveness.
• Plan engagements: develop scope documents, perform process walkthroughs, build risk and control matrices, and align controls to Federal Financial Institutions Examination Council (FFIEC), National Institute of Standards and Technology (NIST) Special Publication 800‑53, Center for Internet Security (CIS), Defense Information Systems Agency Security Technical Implementation Guides (DISA STIG), Federal Risk and Authorization Management Program (FedRAMP), and Cybersecurity Maturity Model Certification (CMMC) frameworks.
• Apply Agile audit practices to prioritize the audit backlog, iterate testing, and deliver incremental reporting that accelerates remediation.
• Execute testing in Microsoft Azure and Azure Government (GovCloud) environments; obtain and evaluate audit evidence; document findings, root cause, and risk; and validate proofs of closure.
• Coordinate with technology, security, and business stakeholders to validate issues, recommend actionable remediation, and support follow-up testing.
• Review and update information security audit procedure documents; annually evaluate baseline security controls and update documents and test plans accordingly.
• Assess controls across Identity, Credential, and Access Management (ICAM); authentication and authorization including single sign-on (SSO) and identity federation; Zero Trust; defense‑in‑depth; data protection; operating system hardening; network security; Continuous Diagnostics and Mitigation (CDM); alerting; audit trails; and incident response.

Requirements

• 5+ years of experience auditing information technology or security processes and operations across IT governance, service delivery, system development lifecycle, networks, infrastructure, and applications.
• 5+ years of cybersecurity audit experience with Microsoft Azure and Azure Government (GovCloud), including evidence collection, control testing, and reporting.
• Experience mapping and testing controls against FFIEC, NIST 800‑53, CIS benchmarks, DISA STIGs, FedRAMP requirements, and CMMC practices.
• Experience collaborating directly with external clients, business leadership, and independent auditors to drive remediation and measurable improvements in control effectiveness and regulatory compliance.
• Ability to develop scope documents, perform process walkthroughs, build risk and control matrices, and write clear, defensible audit findings with risk statements and recommendations.
• Hands-on knowledge of ICAM; authentication and authorization including SSO and identity federation; Zero Trust; defense-in-depth; data protection; operating system hardening; network security; CDM; alerting; audit trail design; and incident response.
• Bachelor’s degree and/or equivalent combination of education, related experience and/or military experience.

Tech Stack

• Azure
• Cyber Security

Benefits

• Fuel Your Life program to support your physical, financial, social, and emotional well-being.
• Paid holidays and generous time away policies.
• No-cost mental health support through Employee Assistance Programs.
• Living Proof program to recognize your peers’ extra effort with points redeemable for rewards.
• Eight Employee Resource Groups to foster a collaborative culture and expand your network.
• Unparalleled professional growth with training, development, and internal mobility opportunities.
• Medical, dental, vision, life, and disability insurance options available from day one.
• Retirement planning and discounted shares with the Employee Stock Purchase Plan.
• Tuition assistance and reimbursement program.
• Paid parental, caregiver, and military leave.