Cybersecurity Audit Lead - Military veterans preferred

ManTech

full-time employee

District of Columbia
United States

Secure our Nation, Ignite your Future

Become an integral part of a diverse team while working at an industry-leading organization, where our employees come first. At ManTech International Corporation, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.

Currently, ManTech is seeking a motivated, career- and customer-oriented Cybersecurity Audit Lead to join our team in Washington, DC.

Responsibilities include, but are not limited to:

The successful candidate will oversee a team of cybersecurity professionals who perform and participate in cybersecurity-related audits to evaluate the status of the customer’s IT security governance structure and the security assessment and authorization methodology. Performance is evaluated according to the NIST Cybersecurity Framework five (5) functions, which consist of identify, protect, detect, respond, and recover. In addition, these audits typically encompass eight areas of a cybersecurity program: risk management, configuration management, identity credential and access management, security and privacy training, continuous monitoring, incident response, contingency planning, and Contractor systems. Responsibilities include:

  • Develop methods to monitor and measure risk, compliance, and assurance efforts
  • Provide ongoing optimization and problem-solving support
  • Provide recommendations for possible improvements and upgrades
  • Review or conduct audits of information technology (IT) programs and projects
  • Evaluate the effectiveness of the procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements
  • Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up
  • Conduct import/export reviews for acquiring systems and software
  • Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered
  • Support the analysis of internal and external audit reports and the preparation of agency responses and remediation plans to address the identified issues
  • Prepare for, plan, and attend external auditor kick-off meetings
  • Gather, evaluate, and submit artifacts requested by internal or external auditors by required due date(s)
  • Maintain a repository of the requests and responses and an Audit Tracker Report (ATR) to track key audit status information including audit receipt, due date(s), and completion date(s)
  • Utilize the Enterprise Governance, Risk, and Compliance (eGRC) tool to store and obtain audit data, collect artifacts, develop metrics, and respond to requests from auditors
  • Research audit requests, work with the responsible party (Control Owner) to respond, and document results
  • Prepare and author thorough and complex responses for auditors that meet all relevant requirements of interagency and official agency artifacts
  • Respond to all inquiries and requests for audits within the specified timeframe by consistently meeting due dates and deadlines
  • Perform as the Audit Liaison with the Information System Security Officers (ISSOs) to request feedback on information required to review the security information and access controls, collect artifacts such as the SSP, and collect, clarify, and deliver general information about the system as required
  • Maintain a list of Audit subject matter experts (SMEs), Control Owners, and points of contact
  • Identify audit risks and coordinate with stakeholders to respond to audit requests
  • Schedule, gather relevant audit information, participate in audit meetings, document and maintain meeting minutes, and summarize action items and deliverables required to adhere to audit requests in a timely manner
  • Prepare and report on audits and risks regularly and accurately

Basic Qualifications:

  • Bachelor’s degree in computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering
  • 8-10 years of experience in auditing in addition to certification in Certified Information Security Manager (CISM) and Certified Information Systems Security Professional (CISSP)
  • Experience leading the facilitation of audit activities with internal and external auditors
  • Experience in federal audit reporting, with the technical expertise and analytical skills to support complete, timely, and high-quality deliverables
  • Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions)
  • Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL])
  • Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems
  • Knowledge of information technology (IT) acquisition/procurement requirements
  • Knowledge of the acquisition/procurement life cycle process
  • Prior information assurance experience

Preferred Qualifications:

  • Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system
  • Skill in conducting audits or reviews of technical systems
  • Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise
  • Ability to ensure security practices are followed throughout the acquisition process
  • Certifications that address security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, information security governance, information risk management
  • Certifications addressing advanced systems management, systems administration, system certification, risk analysis, building a business case beyond ROI, principles of leadership and how the CIO uses them to strengthen the IT alignment process, and corporate political communications and corporate political capital may substitute for education

Security Clearance Requirements:

  • None

For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.

ManTech International Corporation, as well as its subsidiaries, proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access as a result of your disability. To request an accommodation please click and provide your name and contact information.