The vendor is required to provide staff augmentation to the office of internal audit (IA) for information technology (IT) audit and advisory services and other internal audit services as needed on an annual contract.
- The IT audits consist of deep dives of control areas such as the following examples:
• Asset management
• User access
• Malware protection
• Incident response
• Disaster recovery
• Administrative accounts and elevated privileges
• Firewalls and perimeter defenses
• Monitoring and logging
• Security architecture and design
• Vulnerability scanning and patch management
• Application security
• Software management
• Helpdesk and project portfolio management
• Vendor management
- Service providers (“external staff”) will be required to:
• Identify and document key controls specific to the county’s current state.
• Develop custom, risk-based audit plans designed to provide valuable insight.
• Develop test plans to evaluate the adequacy, design, and effectiveness of controls in place.
• Maintain work papers to IA standards to support audit assessments and conclusions.
• Provide actionable, effective recommendations based on evidence and root causes.
• Consider best practices to offer practical, cost-effective improvements when applicable.
• Use IA project management tools to store and manage audit work in a timely manner.
• Provide a secure channel or virtual environment for communication with IA.
• Collaborate with IA to perform risk assessments to prioritize audit work.
• Follow IA guidelines and IT audit best practices.
• Collaborate with IA and support IA’s audit plan objectives.
• Maintain high ethical, quality, and professional standards throughout engagements.
• Provide experienced resources that require limited supervision and understand audit methodology and documentation.
- IT senior auditor
• Four or more years of recent experience conducting IT audits or internal audits, including three years leading IT audits.
• Experience conducting IT audits for at least three different medium to large client organizations.
• Active ISACA certification as a certified information systems auditor (CISA) preferred.
• CISA certification may be substituted with certified internal auditor (CIA) or certified public accountant (CPA) credentials with sufficient, relevant IT audit experience.
• Demonstrated mastery of IT audit principles.
• Demonstrated success forming and sharing evidence-based results with clients.
- IT staff auditor (as needed)
• One to three years of recent experience conducting IT audits or internal audits.
• Relevant professional certifications desired.
- IT audit manager or director (security expert)
• Five or more years of experience evaluating IT security controls and providing specific IT security recommendations, including three years leading formal IT security reviews or audits.
• Industry or governmental experience in managing IT operations desirable.
• Active certification as a certified information systems security professional (CISSP) and certified information systems manager (CISM).
• Demonstrated cybersecurity and network security expertise, including knowledge of the latest risks, threats, and tools.
• Preferred: offensive security (penetration testing) experience and certification as offensive security certified professional (OSCP) or certified ethical hacker (CEH).
• Expertise in specific areas of information security as needed.
- Senior internal auditor (as needed for non-IT engagements)
• Four or more years of recent experience conducting internal audits, including two years leading internal audits.
• Experience conducting internal audits for medium to large client organizations.
• Active certified internal auditor (CIA), certified professional accountant (CPA), or certified fraud examiner (CFE) certification.
• Demonstrated mastery of internal audit principles.
• Demonstrated success working with clients.