SOC2 & CMMC Internal Auditor Liaison

You will work with our engineers, support representatives, and external auditors to: - Perform complex, senior-level auditing and advisory work to develop a new audit program and processes for SOC2 and Department of Defense (DOD) Cybersecurity Maturity Model Certification (CMMC) / FedRAMP. - Conduct research, benchmarking, examining and reviewing records & financial statements. - Perform data & risk analyses, identify appropriate controls, assess business processes, and evaluate management processes. - Manage the development of an appropriate audit scope, selection of an external auditor, and successful completion of audits annually. - Continuously collect operational documentation and data samples in order to close process gaps or to document accepted risk before a gap becomes a finding. - Maintain relationships with our external auditors to anticipate changes to audit focuses and prepare the organization for them. - Educate the organization about audit requirements, risk analysis and controls, and assist us with integrating best practices into our existing operational framework. - Identify and document corrective actions that need to be taken based on audit reports. - Respond to client requests for documentation of our processes and audit reports. - Understand and follow changes to CUECs from our partners and vendors.

Requirements

You have experience with: - Auditing in accordance with generally accepted auditing standards and risk-based internal auditing. - Basic information technology controls in a cloud environment. - Analyzing, interpreting, and summarizing data, policies, and procedures for effective performance of audit work. - Establishing and maintaining trust-based relationships with internal and external stakeholders. You should... - Have advanced writing and communication skills. - Be willing to apply your skills across our small organization, from the low level (e.g. writing process documentation) to high level (e.g. developing organizational audit plans). - Help us maintain the culture and values of our organization. It would be a plus if you have... - Some experience with DOD cybersecurity requirements and contracts, e.g. NIST 800-171. - Some experience with FedRAMP requirements.