Overview:
IT Audit & Controls Analyst I -RMF/FISCAM
Bowhead seeks an IT Audit & Controls Analyst I -RMF/FISCAM to support the AF FIAR contract in Andrews AFB, MD. The IT Audit & Controls Analyst I -RMF/FISCAM will support audit readiness efforts by assessing, testing, and sustaining IT internal controls aligned with FISCAM, NIST 800-53 (RMF), and FIAR guidance. This role focuses on validating control effectiveness, supporting remediation efforts, and ensuring IT systems and processes meet federal financial management and cybersecurity compliance requirements.
Responsibilities:
- Assess, document, test, and monitor IT general controls (ITGCs) and business process controls
- Perform control re-testing, remediation validation, and sustainment testing following FIAR baseline assessments
- Develop and maintain control documentation, test plans, and results in accordance with audit standards
- Identify control gaps, deficiencies, and risks; support development of corrective actions
- Draft system change requests and define requirements related to system issues (e.g., SIDs, Critical Issues, NFRs)
- Support IT audit readiness efforts, including responding to auditor requests, RFIs, and findings
- Maintain evidence repositories (e.g., SharePoint) to ensure audit traceability and compliance
- Collaborate with IT, cybersecurity, and financial stakeholders to align controls with system functionality and mission requirements
- Support IT system modernization, migration, and implementation efforts from a controls and compliance perspective
- Prepare clear briefings and status reports for technical and non-technical stakeholders
- Other duties as assigned
Qualifications:
- Bachelor’s degree in Information Systems, Computer Science, or related field (or 4+ years of relevant experience)
- 2+ years of experience supporting IT audit, controls testing, or compliance efforts
- Experience with FISCAM and/or NIST 800-53 Risk Management Framework (RMF)
- Experience documenting and testing IT controls and supporting remediation activities
- Familiarity with IT system modernization, migration, or ERP implementations
- Understanding of current IT and cybersecurity trends
- Strong analytical, documentation, and communication skills
Preferred Qualifications
- Experience with DoD or Air Force systems and environments
- Familiarity with FIAR guidance and federal financial management system requirements (e.g., OMB A-127)
- Knowledge of Federal Information System Controls Audit Manual (FISCAM) requirements
- Experience with Oracle Federal Financials or similar ERP systems
- Domain knowledge of Foreign Military Sales (FMS) or Security Cooperation processes
- Strong background in audit readiness, remediation, and internal controls
Physical Demands:
- Must be able to lift up to 25 pounds
- Must be able to stand and walk for prolonged amounts of time
- Must be able to twist, bend and squat periodically
SECURITY CLEARANCE REQUIREMENTS: Must be able to maintain a security clearance at the Secret level. US Citizenship is a requirement for this contract.