0111Audit-GA-SP-Auditor
PAYRATE: OPEN
REMOTE:
DURATION: 3-4 Months (Can be Extended)
The candidate shall submit the following to be considered:
DESCRIPTION:
Looking for a consultant to provide the following:
IT audit/consulting services to a Community College regarding:
1. Organization Structure
2. Internal Audit IT Risk Assessment/Audit Program
3. High-level review to support Internal Audit IT risk assessment, with the goal of assisting in the development of the IT internal audit plan for the next 1-3 years.
The consultant will help build a multi-year IT audit program for the College's Internal Audit Department based on an IT risk assessment using a format that is consistent with the format used by the Internal Audit Department.
The frequency and/or rotation of the audits in the audit plan will be tailored and customized based on the College's budget constraints and risk appetite. Future IT audits are subject matter specific audits that address specific IT risks and will also be identified in the multi-year audit program. The multi-year audit plan should include only audits typical for organizations the size of the College and for common IT risks that such an organization may face. Due to general security concerns, details such as number of servers, types of platforms, number of key applications, databases, data centers and locations, use of outsourced IT functions, Cybersecurity controls, etc. will only be disclosed to the selected vendor.
Minimum Qualifications include:
1. The auditor should have professional certifications such as CISA, CIA, CISSP, CRISC, or similar.
2. Minimum 7+ years of IT Audit experience: The auditor should have substantial experience in conducting both organizational structure reviews and Cybersecurity audits.
3. Experience in conducting risk-based IT audits: The auditor should use a risk-based approach in their audit methodology, focusing on areas with higher risks to the organization.
4. Experience conducting risk-based Cybersecurity audits: The auditor should adopt a risk-based approach, focusing on high-risk areas, critical assets, and potential vulnerabilities.
5. Familiarity with recognized security frameworks: The auditor should be proficient in assessing against the NIST Cybersecurity Framework and CIS Controls.
6. Ability to develop control matrices and test plans: Experience in designing and implementing IT control matrices and audit test plans for IT audits.
7. Proven track record in delivering audit reports: Ability to write clear, concise, and actionable audit reports suitable for presentation to senior management and audit committees.
8. Preferred: Background and prior experience particularly for community colleges.