IT Auditor 3+ - Cybersecurity Audit (Internal Only)

This listing is for current employees of the Office of the Washington State Auditor It Auditor 3+ - Cybersecurity Audit (Internal Only) Be valued. Be challenged. Build a career. At the State Auditor’s Office, we are working together to make a real difference in how government operates. We are always looking for new ideas to ensure our work provides value to the clients we serve, and we take pride in the services we perform for the governments and for the people of Washington. We are committed to building and maintaining a workplace environment that is collaborative and supports all employees as we effectively carry out the agency’s mission. This includes ensuring inclusion and equity throughout the agency, while embracing the individual differences of our employees and clients. We believe that diverse perspectives and backgrounds are fundamental to doing our best work. With 15 offices' statewide, 400 positions and important work to do, we always welcome talented people to join our team. Get to know us! We share more about who we are and what we do on social media, using the hashtag #WeAreSAO and on our website at: Current Openings and Internships - Office of the Washington State Auditor. A job and benefits that support a healthy work/life balance. The Washington State Auditor’s Office (SAO) prides itself in offering flexible schedules and a hybrid work environment that helps our staff balance work and life. We also offer a comprehensive package of health and wellness benefits to employees, including:

• Full benefits package. Click here to learn more.
• Paid vacation, sick leave and holidays.
• Growth and development opportunities, including 80+ hours of training each biennium
• Educational and professional certification reimbursements
• An agency-wide commitment to diversity, equity, inclusion and respect in the workplace

About Team Cybersecurity Audit: Our team completes cybersecurity performance audits with State and Local governments to improve IT security. Our cybersecurity audits examine IT systems, looking for weaknesses that attackers could exploit and proposing solutions to help strengthen those systems. Mission We collaborate with governments to provide actionable recommendations to improve the security posture of IT systems supporting essential government operations and services. This will be accomplished by: 1. Building trust and relationships with clients and others we work with. 2. Sharing knowledge about cybersecurity leading practices and available resources. 3. Scoping audits in a flexible manner that meets each auditee’s individual needs. 4. Completing quality and timely audits with prioritized recommendations. 5. Refining methods and approaches to stay relevant and meet emerging needs. Vision Secure government. The Role of an IT Auditor As part of the IT Audit team this position will assist with each part of a cybersecurity audit engagement, from audit planning through final audit presentation. In addition, IT auditors may also work on other IT audit projects. SAO's IT Audit team evaluates a variety of government agencies and local governments. As a result of the audit relevancy, staff have broad exposure to policymakers and executives throughout state and local government. Auditors serve on a team and may also manage contractors for portions of their assigned work. SAO IT auditors assist, develop, lead, and conduct independent cybersecurity performance audits. Because this work is demanding, time bound, and important, auditors must have superior time and project management skills.

• For additional details regarding the position, please review the position description here: CS_IT_Auditor_3_ASA5_PDF.docx

Successful Candidate Profile SAO is seeking candidates who are able to: •Demonstrate an understanding of IT security requirements and best practices. •Produce qualitative analyses of superior quality. •Excel at documenting their work; writing results; and presenting their work to audiences ranging from team members to legislative members and staff. •Demonstrate skill with project management, management control systems, research design, data collection, data analysis, and report writing. •Develop recommendations that improve IT security and increase accountability. •Have a functional understanding of public administration and government. •Effectively communicate verbally and in writing with a variety of audiences, including colleagues, audited agencies, and the public. IT Auditor 3+ - An IT Auditor 3+ is responsible for overall audit planning through final audit presentation of any size or level of complexity cybersecurity audits.

• Independently leads audits that cover increasingly complex cybersecurity environments, which may involve multiple state agencies, local governments or levels of government. Provides expert level technical services in security for cybersecurity audits.
• May lead larger, more complex audits and coordinate the efforts of other auditors to accomplish the overall audit objectives under the direction of an assistant audit manager or audit manager. These large audits involve multiple agencies or levels of government, have complex IT security environments and several layers of applicable laws or regulations and require significant IT security knowledge. May lead audits and projects that include multiple IT audit staff and be responsible for the entire audit.
• Identifies, develops and refines leading practice criteria used by auditors to test state and local government alignment with leading practices. Is able to compare and contrast different leading practices and standards, summarize differences and articulate the impact and applicability to the audits of using different standards. Understands data with IT security special handling requirements and how the data impact to the audit, and how those special handling requirements overlap with different leading practices.
• Independently coordinating and scoping technical testing performed by SAO consultants or SAO IT security specialists in most IT security environments but may need Security Specialist assistance in a more complex and mature IT security environment. Can conduct and take the lead accurately analyzing most technical testing in moderate to complex environments. Needs some assistance with more complex technical tests such as vulnerability scans. Continues to collaborate with team members to ensure optimal scoping, implementation and analysis.
• Independently assess the results of work performed to develop meaningful IT security recommendations. Is able to draw accurate conclusions using the information gathered through interviews, observation, security testing and document reviews to determine control alignment and gaps, make recommendations based on audit results for controls in most IT security environments. Occasionally, still needs some assistance. In consideration of all the IT security testing completed, is able to identify the most significant weaknesses and strengths within the scope of IT security program reviewed. Occasionally, still needs some Security Specialist assistance for new, complex controls. Continues to collaborate with team members to ensure optimal IT security recommendations.

Requirements include a bachelor's degree and at least two years in IT audit and has obtained either a relevant professional certification including but not limited to: Certified Information System Auditor (CISA), General Security Essentials Certification (GSEC), Certified Information System Security Processional (CISSP), or a Master's degree in data analytics, cybersecurity or closely related field. Degree in a field applicable to IT security and/or analyzing government programs is strongly preferred. Preference may be given to a candidate with experience with governments, performance auditing and/or accountability auditing and technical knowledge and associated with cybersecurity.

• Relevant volunteer and/or work experience may substitute for education on a year-for-year basis. To apply, please submit:

1) Your completed application through careers.wa.gov, including detailed responses to any supplemental questions 2) A letter of interest specifically addressing how you meet the qualifications listed in the announcement

• Pay for an IT Auditor 3+ will include assignment pay in addition to the salary listed.

Degrees awarded outside the United States must include a credential evaluation report. If you are a US Veteran and would like to apply for Veteran's Preference, attach a copy of Form DD214 military record showing honorable discharge. Questions may be directed to the applications unit at [email protected]. The Washington State Auditor's Office is an equal opportunity employer. Persons with a disability, who need assistance in the application or testing process, or who need this announcement in an alternative format, may call (360) 725-5618 or via the telecommunications relay service by dialing 7-1-1. Apply To This Job