IT Program Auditor

Work Role ID: 805  |  Workforce Element: Cyberspace Enablers (Support) Acquisition

What does this work role do? Conducts evaluations of an IT program or its individual components, to determine compliance with published standards.

KSAT ID Description KSAT
22 * Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge
108 * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). Knowledge
203 Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system. Skill
537 Develop methods to monitor and measure risk, compliance, and assurance efforts. Task
1002 Skill in conducting audits or reviews of technical systems. Skill
1143A Conduct import/export reviews for acquiring systems and software. Task
1157 * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. Knowledge
1158 * Knowledge of cybersecurity principles. Knowledge
1159 * Knowledge of cyber threats and vulnerabilities. Knowledge
6900 * Knowledge of specific operational impacts of cybersecurity lapses. Knowledge
6935 * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). Knowledge
6938 * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. Knowledge
KSAT ID Description KSAT
62 Knowledge of industry-standard and organizationally accepted analysis principles and methods. Knowledge
68 Knowledge of information technology (IT) architectural concepts and frameworks. Knowledge
69A Knowledge of risk management processes and requirements per the Risk Management Framework (RMF). Knowledge
107 Knowledge of resource management principles and techniques. Knowledge
129 Knowledge of system life cycle management principles, including software security and usability. Knowledge
296 Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise. Knowledge
325A Ability to ensure security practices are followed throughout the acquisition process. Ability
811 Provide ongoing optimization and problem solving support. Task
813 Provide recommendations for possible improvements and upgrades. Task
840B Review or conduct audits of programs and projects. Task
936 Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers). Task
949 Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. Task
954 Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk. Knowledge
979 Knowledge of supply chain risk management standards, processes, and practices. Knowledge
1004A Knowledge of information technology (IT) acquisition/procurement requirements. Knowledge
1021 Knowledge of risk threat assessment. Knowledge
1037 Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures. Knowledge
1061A Knowledge of the acquisition/procurement life cycle process. Knowledge
1125 Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. Knowledge
1130 Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions). Knowledge
1133 Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). Knowledge
1136A Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud). Knowledge
1147A Develop data management capabilities (e.g., cloud based, centralized cryptographic key management) to include support to the mobile workforce. Task
1148B Ensure supply chain, system, network, performance, and cyber security requirements are included in contract language and delivered. Task
5610 Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up. Task
6290 Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems. Knowledge
6918 Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments. Ability
6919 Ability to determine the best cloud deployment model for the appropriate operating environment. Ability
6942 Skill in designing or implementing cloud computing deployment models. Skill
6945 Skill in migrating workloads to, from, and among the different cloud computing service models. Skill