Cybersecurity Audit Analyst Services

The Vendor is required to provide cybersecurity audit analyst with a minimum of five (5) years of relevant experience.
- Play a key role in executing and enhancing the commonwealth’s cybersecurity audit program, including both internal audit activities and coordination of external audit responses.
- Responsibilities include:
1. Internal audit review
• Assist deputy chief risk officer, continue to formalize and automate the enterprise risk management (ERM) audit program
• Conduct regularly scheduled reviews of agency internal processes to ensure recommended risk mitigating controls are fully implemented, followed, documented and effective.
• Coordinate with ERM risk analysts to ensure internal reviews include current mitigating control recommendations
• Employ analytical skills to conduct audit tests, participate in meetings and interviews, and assess procedural documentation
• Create comprehensive reports of audit findings to inform staff and executives of needed updates or improvements
• Proactively inform senior management of significant risks or exposures related to internal controls, compliance, and governance requiring prompt attention
• Manage the process to track, follow up, and ultimately ensure closure of all open audit issues
2. External audit response
• Coordinate and follow through with numerous individuals for various audit responses
• Obtain and provide comprehensive responses to internal and external audit requests.
• Build and maintain positive working relationships across all levels and functional areas.
• Meticulously track and document responses to and from multiple sources in a timely and succinct manner.
• Oversight of the internal audit liaison program
• Assist documentation of ERM audit program practices and procedures to include templates and reference guides.
• Plan and schedule program deliverables, goals, and milestones.
• Other responsibilities as assigned.
3. Required ERM knowledge, skills and abilities:
• At least five (5) years of experience in cybersecurity audit, it audit, risk management, or compliance
• Strong knowledge of cybersecurity and control frameworks (e.g., nist, cis controls)
• Experience performing audits, risk assessments, program evaluations, and conducting research using quantitative and qualitative methods in a government or highly regulated environment.
• Demonstrate ability to multitask, prioritize, and meet deliverables for various and fluid responsibilities and initiatives.
• Exceptional organizational skills include acute attention to detail especially involving the gathering, updating, tracking, and reporting of data from multiple sources.
• Ability to maintain a consistent and timely follow-through of all requests requiring a response from various members and all levels of the organization.
• A working knowledge of IT, network infrastructure, software application and software vendor disciplines desired.