Audit Facilitation Specialist

Audit Facilitation Specialist 

(IT Security-Journey)

Join an exciting team!

Washington Technology Solutions (WaTech) is a national leader in adopting new, innovative technologies that transform the way Washingtonians receive state services. WaTech sets the strategic technology direction of the state in multiple domains and programs and is responsible for the state's core technology services.

About the position

This position is a member of WaTech's Information Security Services (ISS) team within the Office of Cybersecurity. ISS primarily focuses on the security and compliance of WaTech and the internally and externally hosted enterprise information systems of the small agencies we support. This position reports to the WaTech Chief Information Security Officer (CISO).

As the Audit Facilitation Specialist, you will be relied on to provide audit facilitation and coordination between external auditing entities, WaTech and our supported small agencies. In this position you will serve as a facilitator, audit planner, coordinator, and audit consultant to support the many federal and state audits required of our organization. Furthermore, you will be responsible for ensuring that technology systems used within our agencies are implemented securely and remain clear of cyber threats and vulnerabilities which can impact their availability. This is accomplished by performing risk and security assessments of proposed technology solutions.

Some of what to expect with this role:

• Lead pre-audit planning by collaborating with security auditing teams and the audited agency to define the audit scope and determine the security standards to be used.

• Serve as the WaTech liaison to technical and business teams, providing audit support and oversight for state and federal compliance-related activities.

• Provide audit facilitation support to auditing teams from the State Auditor's Office (SAO), other Washington state security policy auditing entities, Social Security Administration, IRS Federal Tax Information, and Criminal Justice Information Systems (CJIS).

• Create and oversee effective, actionable plans to ensure compliance in areas where deficiencies are present.

• Document audit findings, including identified risks, vulnerabilities, and control deficiencies, and communicate them effectively to key interested parties.

• Actively engage with interested parties within and across multiple organizations to identify, select, tailor, implement, document, and assess the security controls implemented to protect a system and/or the organization.

• Create pre- and post-audit reports for senior management and other interested parties.

• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.

Here's what we're looking for:

• Six or more years (full-time equivalent) of combined experience in two or more of the following focus areas:

• Compliance and regulatory frameworks (Such as NIST CSF, NIST 800- 53, CJIS Security Policy)

• Security audit facilitation

• Conducting cyber risk and security assessments of technology systems.

• Developing, installing, and/or maintaining technology systems, network infrastructure, network server systems, and application systems.

A bachelor's degree in computer science, business administration, information security or related field may substitute for up to four years' experience, and an associate degree may substitute for up to two years of the required experience.

• Two years of combined experience with NIST SP 800-53, Center for Internet Security benchmarks and controls, or NIST Cybersecurity Framework (CSF).

• One year of experience with developing and managing Plans of Action and Milestone (POAM) or similar action plans.

Preference may be granted to applicants with the following:

• A master's degree in cybersecurity, cybersecurity operations, or a closely related field.

• Two or more years of work experience supporting information security audits for a government or heavily regulated organization.

• Industry-standard certification such as Internal Audit Practitioner (IAP), CISSP, CISA, CCSP, CISM, or similar.

We value diversity and different perspectives:

WaTech is committed to providing equal access and opportunities to all qualified applicants and employees. We seek to attract and retain a diverse staff and welcome your experiences, perspectives, and unique identity.

What WaTech Offers:

As an employee of WaTech, you'll have access to an outstanding employee benefits package that includes medical and dental plan options for you and your family, paid leave and holidays, retirement plan options and more.

While WaTech is headquartered in Olympia, Washington, which is near some of the country's most scenic national parks, we are able to offer many of our positions telework and flexible schedule options to help support a healthy work life balance.

To learn more about WaTech, and what our employees enjoy about working here, please visit our website.

How to apply:

Applications for this recruitment will be accepted electronically. Please select the large "apply button" at the top of this announcement. You may need to create a profile and account in Washington state's automated application system. We invite you to include your name and pronouns in your material to ensure we address you correctly throughout the application process.

To be considered for this position you will need to:

• Submit your online application.

• Answer all required Supplemental Questions.

• Attach a Letter of Interest that addresses how your experience qualifies you for this role.

• Attach a Resume that clearly documents the work history, training, and education that makes you a viable and competitive candidate for this position.

• Include Three professional references and their contact information.

Applicants wishing to claim Veterans Preference should attach a copy of their DD-214 (Member 4 copy), NGB 22, or signed verification of service letter from the United States Department of Veterans Affairs to their application. (Please redact any personally identifiable data such as social security number prior to submittal.)

Note: Applications without the requested attachments identified above or containing supplemental question responses with comments such as "see resume" may lead to your application being disqualified from consideration.

Conditions of employment:

This position requires a background check. Information from the background check will not necessarily preclude employment but will be considered in determining the applicant's suitability and competence to perform in the position and is a continued condition of employment.

Recruitment process:

First round of application assessments will be conducted seven days after the initial job posting date. The hiring authority reserves the right to offer the position at any time after the initial seven-day job posting date during the recruitment process. It is to the applicant's advantage to apply as early as possible. This recruitment may be used to fill multiple positions.

Contact us: For inquiries about this position, please contact Rebekah Wilkes at (360) 407-8646 or email to Rebekah.Wilkes@WaTech.wa.gov

Persons requiring accommodation in the application process or for an alternative format may contact Human Resources at (360) 407-8242 or Human.Resources@watech.wa.gov. Persons of disability or those who are deaf or hard of hearing can call the Washington Relay Service by dialing 7-1-1 or 1-800-833-6388. WaTech complies with the employment eligibility verification requirements of the federal Form I-9. The selected candidate must be able to provide proof of identity and eligibility to work in the United States consistent with the requirements of that form on the first day of employment.