IT Security Auditor

Date: April 12, 2013

Location: Richmond, VA


Quantum Tech Staffing is seeking an IT Security Auditor for a contract position in Richmond, VA.

Overall, the IT Security Audit will assess the effectiveness of controls over five of VA State Agency’s applications and compliance with Commonwealth of Virginia’s IT Information Security Policy, IT Information Security Standard, IT Security Audit Standards, and IT Systems Management Procedures for agency applications, and any legal requirements and best practices. Specifically, the objectives of the IT System Audit are to determine whether the IT security controls for the five applications are documented and provide reasonable assurance that:

1. Physical access to the production environment, stored data, and documentation is restricted to prevent unauthorized destruction, modification, disclosure, or use.
2. Logical access to the production environment, data files, and sensitive system transactions, is restricted to authorized users only.
3. The production environment is protected against environmental hazards and related damage.
4. Regularly scheduled processes that are required to maintain continuity of operations in the event of a catastrophic loss of data, facilities, or to minimize the impact of threats to data, facilities or equipment, are performed as scheduled.
5. Roles and responsibilities are adequately defined, documented and assigned to persons with an adequate technical training and role based IT Security technical training is planned and received.
6. System hardening measures have been applied to the applications adequate to protect them against risks to which it is exposed.

o Significant IT security audit experience (prefer government-related IT Audit exp)
o Working knowledge and understanding of Commonwealth of Virginia IT security standard
o Exceptional written and verbal communication skills required to interact effectively with all levels of the organization.

Additional Requirements:

o Current Certification as a CISA or CPA (Must have at least one of these)
o Bachelors Degree in Information Systems or related area plus three years experience or six years overall experience.