Job Description

Job Title: IT Control Manager
Location: Hybrid – Arlington, VA (3 days onsite, 2 days remote)
Pay Rate: $45-$55/hr
Clearance Requirement: Secret Clearance

Position Overview:

We are seeking a skilled IT Control Manager to support the Environmental & Disposal Liability AAT in a hybrid role based in Arlington, VA. An AAT (Assessment and Action Team) is a cross-functional team that rapidly evaluates situations, develops strategic plans, and mobilizes resources to achieve efficient and effective outcomes. By integrating personnel, information, and resources in a centralized setting—whether physical or virtual—the team enhances coordination and accelerates results.

This role requires expertise in IT audit controls, risk mitigation, and compliance frameworks, with a strong focus on ITAC (IT Application Controls) and ITGC (IT General Controls). The ideal candidate will bring experience in testing, reviewing, and implementing corrective actions aligned with FISCAM/NIST RMF frameworks.

Key Responsibilities:

• Identify and assess IT control risks, ensuring alignment with ITAC/ITGC best practices.
• Develop and maintain Risk and Control Matrices (RACMs) in support of financial statement audits.
• Conduct end-to-end IT process mapping to strengthen internal control frameworks.
• Design, implement, and/or independently test Tests of Design (TOD) and Tests of Effectiveness (TOE) to address IT control deficiencies.
• Leverage FISCAM, NIST RMF, and related frameworks for audit testing, control reviews, and risk mitigation strategies.
• Evaluate and respond to issued findings, such as Non-Compliance Findings Reports (NFRs) .
• Support corrective action planning and remediation efforts for IT audit risks.

Required Qualifications:

• Strong ability to identify and assess IT controls that mitigate ITAC/ITGC risks.
• Demonstrated experience applying FISCAM/NIST RMF (or equivalent frameworks) in IT control testing and compliance.
• Proven track record in designing and implementing—or independently testing—corrective actions to resolve IT audit findings.
• Expertise in information assurance standards, including NIST RMF, NIST 800-53, FISCAM, DoDI 8500, DoDI 8510, and SSAE-18 AT-C 320 .
• Experience evaluating SOC reports to support financial statement audits.
• Familiarity with reviewing and assessing federal audit findings and their impact on IT risk management.

Preferred Qualifications (Not Required):

• Experience working with Federal and/or DoD clients .
• Knowledge of business process end-to-end mapping .
• Experience conducting federal audits that resulted in an audit opinion or disclaimer of opinion .
• Previous involvement in DoD SSAE-18 AT-C examinations as a service auditor.

Work Location:

• This is a hybrid role requiring the candidate to work onsite 3 days per week at either the Tysons office or a client site in the Greater DC area .

If you have a strong background in IT controls, risk assessment, and compliance within federal or DoD environments, we encourage you to apply!

Job Tags

Similar Jobs