IT Controls Specialist: Focus on FedRAMP & NIST
Skills & Expertise:
- 8+ years of experience in IT Risk or IT Audit roles.
- Strong grasp of IT Risk & Compliance principles, with expertise in Control Design Assessments, Sample-Based Control Testing (operational), and Controls Monitoring.
- Extensive experience in Technology Audits, particularly focusing on FedRAMP.
- Proven ability to develop and implement a Controls Assurance framework, including assessments, operational testing, and monitoring.
- Skilled in identifying and evaluating the severity and impact of control issues, ensuring clear communication to risk owners to drive actionable decisions.
- Advanced knowledge of information technology trends and emerging technologies, with the ability to align them with organizational goals.
- Expertise in IT policies, privacy laws, and standards applicable to Control Assessments, Testing, and Monitoring.
- Familiarity with compliance frameworks such as GDPR, CCPA, NIST (Privacy Act of 1974, 800-53, 800-171, CMMC), SOC, ISO, CIS, etc.
- Experience with GRC tools.
- Proficiency in MS Office.
- Familiar with automated tools for data analytics and monitoring.
- Experience in generating management reports.