GuidehouseRemote
IT Audit & Compliance Analyst – Federal Cybersecurity Frameworks
District of Columbia, United States of America
Full Time
5 hours ago
$98,000 - $163,000 USD
H1B Sponsor
Key skills
CloudCyber Security
About this role
Role Overview
- Guidehouse is seeking an IT Audit & Compliance professional to help our client at a large federal agency pursue and maintain compliance with federal cybersecurity frameworks.
- This role focuses on audit preparation and coordination. The candidate will:
- Coordinate internal and external audit activities across federal information systems, ensuring teams, schedules, evidence, and documentation remain audit‑ready.
- Prepare, maintain, and organize assessor‑ready artifacts including SSPs, control narratives, SOPs, POA&Ms, continuous monitoring reports, and structured evidence packages.
- Interpret and apply requirements from federal cybersecurity and audit frameworks, including: NIST SP 800‑53 (security and privacy controls), NIST SP 800‑37 (RMF), NIST SP 800‑171 (CUI), FISMA, FISCAM, OMB Circular A‑123, FedRAMP, and adjacent frameworks such as SOC 1/2, HIPAA, the Privacy Act, and IRS Publication 1075.
- Support audit readiness activities by coordinating evidence collection with engineering, ISSO/ISSM, infrastructure, cloud, and application teams.
- Track audit findings, maintain POA&M items, and facilitate remediation progress across technical and business teams.
- Translate technical implementations into clear, assessor‑ready documentation through strong technical writing and stakeholder coordination.
- Draft and refine policies, procedures, and control narratives, and coordinate teams through internal audits, readiness assessments, and corrective action plans.
Requirements
- Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse.
- Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred.
- Bachelor’s degree in information systems, Cybersecurity, Computer Science, Accounting/IS Audit, or a discipline related to this project.
- Three (3) or more years of IT Audit & Compliance experience.
- Experience implementing or assessing NIST SP 800‑53 control requirements in production environments (cloud and/or on‑prem).
- Knowledge of federal cybersecurity and audit frameworks. (This could include NIST SP 800‑37 (RMF), NIST SP 800‑171, FISMA, FISCAM, OMB Circular A‑123, or FedRAMP.)
- Demonstrated ability to create accurate, assessor‑ready documentation (This could include: SSPs, procedures/SOPs, control narratives, POA&Ms, ConMon reporting, evidence packages).
- Preference will be given to candidate's located within the DC Metropolitan area.
Tech Stack
- Cloud
- Cyber Security
Benefits
- Medical, Rx, Dental & Vision Insurance
- Personal and Family Sick Time & Company Paid Holidays
- Position may be eligible for a discretionary variable incentive bonus
- Parental Leave and Adoption Assistance
- 401(k) Retirement Plan
- Basic Life & Supplemental Life
- Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
- Short-Term & Long-Term Disability
- Student Loan PayDown
- Tuition Reimbursement, Personal Development & Learning Opportunities
- Skills Development & Certifications
- Employee Referral Program
- Corporate Sponsored Events & Community Outreach
- Emergency Back-Up Childcare Program
- Mobility Stipend