Apply on Employer Site

Castro & Company · 2 days ago

IT Senior Auditor

Alexandria, VA

Full-time

Onsite

Mid, Senior Level

2+ years exp

Castro & Company is seeking an IT Audit Senior to join their growing Advisory & Accounting practice. In this role, you will lead IT audits and control assessments for federal engagements, working closely with clients to identify risks and mentor junior staff.

AccountingAdviceProfessional Services

Growth Opportunities

No H1B

U.S. Citizen Only

Responsibilities

Lead Process Walkthroughs: Facilitate client meetings to assess IT systems, applications, and controls

Engage Directly with Clients: Serve as a key liaison, building trusted relationships and maintaining open, professional communication throughout the engagement

Identify and Communicate Risk: Analyze IT environments, pinpoint control gaps, and clearly present associated risks and recommendations

Defend and Support Findings: Lead discussions to support audit conclusions with evidence and detailed analysis

Review Audit Workpapers: Evaluate staff-prepared documentation for accuracy, completeness, and compliance with audit standards

Mentor and Support Staff: Provide guidance, technical direction, and feedback to junior team members to strengthen their professional development

Apply Federal IT Compliance Frameworks: Utilize working knowledge of federal standards and guidance, including: FISCAM (Federal Information System Controls Audit Manual), NIST SP 800-53 (Security and Privacy Controls for Federal Information Systems), FISMA (Federal Information Security Modernization Act)

Qualification

IT audit experienceCISA certificationFederal IT complianceRisk managementTechnical controls assessmentFISCAM familiarityNIST SP 800-53 familiarityFISMA familiarityAWS experienceOracle ERP experienceMicrosoft environmentsMainframe systems experienceCommunication skillsProject managementTime managementMentoringTeam collaboration

Required

Bachelor's degree in Information Systems, Cybersecurity, Accounting, or a related field

Minimum of 2 years of experience performing IT audits or IT risk assessments

Hands-on experience conducting IT audits in a federal or DoD environment

Strong understanding of risk management and internal controls across technical and administrative systems

Excellent written and verbal communication skills, with the ability to document and explain complex IT processes clearly

Strong project management and time management skills with the ability to meet tight deadlines

Security Clearance: Must be able to pass a basic government suitability check (US Citizenship required)

Solid understanding of federal IT environments, including system architecture, security frameworks, and compliance standards

Ability to assess and document administrative and technical controls across diverse platforms

Familiarity with FISCAM, NIST SP 800-53, and FISMA frameworks

Preferred

CISA certification preferred

Experience auditing or working with systems such as: Mainframe systems, Microsoft environments (Active Directory, Windows Server, Azure), Amazon Web Services (AWS), Oracle databases and ERP systems