IT Audit & Controls Analyst I- RMF / FISCAM

IT Audit & Controls Analyst I -RMF/FISCAM

Bowhead seeks an IT Audit & Controls Analyst I -RMF/FISCAM to support the AF FIAR contract in Andrews AFB, MD. The IT Audit & Controls Analyst I -RMF/FISCAM will support audit readiness efforts by assessing, testing, and sustaining IT internal controls aligned with FISCAM, NIST 800-53 (RMF), and FIAR guidance. This role focuses on validating control effectiveness, supporting remediation efforts, and ensuring IT systems and processes meet federal financial management and cybersecurity compliance requirements.

• Assess, document, test, and monitor IT general controls (ITGCs) and business process controls
• Perform control re-testing, remediation validation, and sustainment testing following FIAR baseline assessments
• Develop and maintain control documentation, test plans, and results in accordance with audit standards
• Identify control gaps, deficiencies, and risks; support development of corrective actions
• Draft system change requests and define requirements related to system issues (e.g., SIDs, Critical Issues, NFRs)
• Support IT audit readiness efforts, including responding to auditor requests, RFIs, and findings
• Maintain evidence repositories (e.g., SharePoint) to ensure audit traceability and compliance
• Collaborate with IT, cybersecurity, and financial stakeholders to align controls with system functionality and mission requirements
• Support IT system modernization, migration, and implementation efforts from a controls and compliance perspective
• Prepare clear briefings and status reports for technical and non-technical stakeholders
• Other duties as assigned

• Bachelor’s degree in Information Systems, Computer Science, or related field (or 4+ years of relevant experience)
• 2+ years of experience supporting IT audit, controls testing, or compliance efforts
• Experience with FISCAM and/or NIST 800-53 Risk Management Framework (RMF)
• Experience documenting and testing IT controls and supporting remediation activities
• Familiarity with IT system modernization, migration, or ERP implementations
• Understanding of current IT and cybersecurity trends
• Strong analytical, documentation, and communication skills

Preferred Qualifications

• Experience with DoD or Air Force systems and environments
• Familiarity with FIAR guidance and federal financial management system requirements (e.g., OMB A-127)
• Knowledge of Federal Information System Controls Audit Manual (FISCAM) requirements
• Experience with Oracle Federal Financials or similar ERP systems
• Domain knowledge of Foreign Military Sales (FMS) or Security Cooperation processes
• Strong background in audit readiness, remediation, and internal controls

Physical Demands:

• Must be able to lift up to 25 pounds
• Must be able to stand and walk for prolonged amounts of time
• Must be able to twist, bend and squat periodically

SECURITY CLEARANCE REQUIREMENTS: Must be able to maintain a security clearance at the Secret level. US Citizenship is a requirement for this contract.

#LI-JS1