IT and Cyber Risk Auditor Principal

Own your opportunity as an IT & Cyber Risk Auditor Principal at GDIT. You’ll lead enterprise-level IT and cybersecurity risk and compliance assessments that help secure the systems and data vital to our national security missions. At GDIT, the mission is our purpose, and our people are at the center of everything we do.

As a trusted audit leader, you’ll evaluate cyber and IT controls, identify risk exposure, and influence remediation strategies while partnering with cross-functional teams to strengthen enterprise risk posture. Your work will have meaningful impact across federal government and defense programs.

Responsibilities:

• Lead and execute rigorous IT and cybersecurity risk audits and assessments
• Evaluate IT general controls, cybersecurity controls, and risk management processes.
• Assess compliance with federal frameworks and guidance (e.g., NIST, RMF, FISMA, FedRAMP, ISO 27001)
• Identify and document control gaps, risk exposures, and areas for process improvement.
• Provide risk-based recommendations and actionable insights to senior leadership and stakeholders.
• Support preparation of audit reports and executive briefings
• Manage and execute system Certification and Accreditation processes, ensuring compliance with security controls and requirements outlined in agency policies.
• Collaborate with cybersecurity, IT, compliance, and program teams to drive remediation and sustainable improvements.
• Participate in internal and external audit activities, including customer assessments.
• Experience using XACTA data base applications and the ICD 503, NIST 800-83 rev4 policy
• Review monthly vulnerability scan reports and track and address weaknesses in plans as needed.
  • Perform security system event analysis, investigation, and validation
  • Provide incident response to classification spills, malware infection, misconfiguration exposure, internal inappropriate behavior and technical issue
  • Perform Security Technical Implementation Guide (STIG) and Federal Information Security Management Act (FISMA) assessments and annual reporting

Required Qualifications:

• 8+ years of progressive experience to an intermediate level in IT audits, cybersecurity risk management, or information assurance.
• TS/SCI w/CI poly.
• Security+CE.
• Expertise with cybersecurity and IT control frameworks and compliance requirements.
• Experience conducting complex IT and cybersecurity audits in government or federal contracting environments.
• Experience with cloud security risk assessments and modern technologies
• Clear and effective communication skills with the ability to influence technical and executive audiences.
• Ability to multi-task, prioritize, and re-prioritize work in a fast-paced environment.
• Ability to learn an application environment in order to update or create supported security documentation.

Preferred Qualifications:

• Bachelor’s degree or equivalent military training in Information Systems, Cybersecurity, Computer Science, Accounting, or related field.
• Applicable certifications include: CASP+, CGRC/CAP, GSEC, GSNA, SSCP, CISSP, CISM.
• Currently hold certification in good standing to satisfy IAM Level II (Information Assurance Management Level 2) per DoW 8570/8140.
• Successfully completed Tier 5 Investigation (T5), formerly known as a Single Scope Background Investigation (SSBI) by the federal government within the last 5 years, or requires candidate to have been enrolled in a Continuous Vetting program within the last 5 years.

GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.

• ● Growth: AI-powered career tool that identifies career steps and learning opportunities.
• ● Support: An internal mobility team focused on helping you achieve your career goals.
• ● Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
• ● Community: Award-winning culture of innovation and a military-friendly workplace.

OWN YOUR OPPORTUNITY
Explore a career in cyber at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your focus on defending and protecting what matters.