
IT Audit & Compliance Analyst – Federal Cybersecurity Frameworks
Posted 1 day ago

This is a fully remote position, open to applicants in District of Columbia, +1 more state.
• Guidehouse is looking for an IT Audit & Compliance professional to assist our client at a major federal agency in achieving and sustaining compliance with federal cybersecurity frameworks.
• This position emphasizes audit preparation and coordination.
• Facilitate internal and external audit processes across federal information systems, ensuring that teams, schedules, evidence, and documentation are always audit-ready.
• Prepare, maintain, and organize artifacts that are ready for assessment, including SSPs, control narratives, SOPs, POA&Ms, continuous monitoring reports, and structured evidence packages.
• Interpret and implement requirements from federal cybersecurity and audit frameworks, such as: NIST SP 800‑53 (security and privacy controls), NIST SP 800‑37 (RMF), NIST SP 800‑171 (CUI), FISMA, FISCAM, OMB Circular A‑123, FedRAMP, as well as related frameworks like SOC 1/2, HIPAA, the Privacy Act, and IRS Publication 1075.
• Assist in audit readiness tasks by coordinating evidence collection with engineering, ISSO/ISSM, infrastructure, cloud, and application teams.
• Monitor audit findings, manage POA&M items, and facilitate remediation efforts across both technical and business teams.
• Convert technical implementations into clear, assessor-ready documentation through effective technical writing and stakeholder collaboration.
• Draft and enhance policies, procedures, and control narratives, while coordinating teams through internal audits, readiness assessments, and corrective action plans.
• Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates are required to secure approved adjudication of their PUBLIC TRUST prior to joining Guidehouse.
• Preferred candidates will have an ACTIVE PUBLIC TRUST or SUITABILITY.
• Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Accounting/IS Audit, or a related field pertinent to this project.
• Minimum of three (3) years of experience in IT Audit & Compliance.
• Experience with the implementation or assessment of NIST SP 800‑53 control requirements in production environments (cloud and/or on-premises).
• Familiarity with federal cybersecurity and audit frameworks, which may include NIST SP 800‑37 (RMF), NIST SP 800‑171, FISMA, FISCAM, OMB Circular A‑123, or FedRAMP.
• Proven ability to produce accurate, assessor-ready documentation (including SSPs, procedures/SOPs, control narratives, POA&Ms, ConMon reporting, and evidence packages).
• Medical, Rx, Dental & Vision Insurance
• Personal and Family Sick Time & Company Paid Holidays
• Position may qualify for a discretionary variable incentive bonus
• Parental Leave and Adoption Assistance
• 401(k) Retirement Plan
• Basic Life & Supplemental Life Insurance
• Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
• Short-Term & Long-Term Disability Insurance
• Student Loan PayDown Program
• Tuition Reimbursement, Personal Development & Learning Opportunities
• Skills Development & Certifications
• Employee Referral Program
• Corporate Sponsored Events & Community Outreach
• Emergency Back-Up Childcare Program
• Mobility Stipend