IT AUDIT LEAD/FISCAM AND FISMA COMPLIANCE

IT Audit Lead – FISCAM & FISMA Compliance

The IT Audit Lead will lead complex audits and compliance initiatives designed to strengthen the organization’s information security posture across federal and national security environments. This role is responsible for planning, executing, and reporting on internal control assessments aligned to FISCAM, NIST SP 800-53, OMB Circular A-123, and the Federal Information Security Modernization Act (FISMA). The ideal candidate brings proven experience advising CIO, CISO, Inspector General, and Audit Committee leadership on audit readiness, control maturity, and remediation strategies supporting an unqualified Statement of Assurance.

Key Responsibilities

• Lead enterprise IT audits and internal control reviews across national security and high-impact federal systems, ensuring compliance with FISCAM and NIST standards.

• Oversee FISMA program execution, including control testing, POA&M management, risk scoring, and continuous monitoring activities.

• Manage annual Statement of Assurance development and governance of supporting evidence, risk ratings, and remediation outcomes.

• Direct audit planning, scoping, walkthroughs, and ITGC/ITAC testing for financial and operational systems.

• Translate complex cyber and IT risks into clear, actionable recommendations for senior leadership.

• Present audit results, dashboards, and remediation status to CIO organizations, Audit Committees, and oversight bodies.

• Build and mentor high-performing compliance and internal control teams; drive accountability and continuous improvement.

• Develop and mature enterprise IT governance frameworks, incorporating emerging risks, automation, and performance metrics.

Qualifications

• 10 years leading IT audit and internal control programs in federal or highly regulated sectors; national security experience preferred

• Deep knowledge of FISCAM, FISMA, NIST SP 800-53, OMB A-123, and FMFIA requirements

• Demonstrated success supporting unqualified Statements of Assurance

• Strong communication skills with executive-level reporting experience

• Active security clearance (or eligibility), preferred

• Professional certifications such as CISA, or PMP highly desired