Cyber Enablers (EN)
OG-WRL-016
DCWF 805
IT Program Auditor
Conducts evaluations of an IT program or its individual components, to determine compliance with published standards.
Tasks
The concrete work activities defined for this role in the DCWF v5.1 spreadsheet. Core tasks are required for the role; additional tasks are associated but not mandatory.
- T1143A additional Conduct import/export reviews for acquiring systems and software.
- T1147A additional Develop data management capabilities (e.g., cloud based, centralized cryptographic key management) to include support to the mobile workforce.
- T1148B additional Ensure supply chain, system, network, performance, and cyber security requirements are included in contract language and delivered.
- T537 additional Develop methods to monitor and measure risk, compliance, and assurance efforts.
- T5610 additional Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
- T811 additional Provide ongoing optimization and problem solving support.
- T813 additional Provide recommendations for possible improvements and upgrades.
- T840B additional Review or conduct audits of programs and projects.
- T936 additional Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
- T949 additional Evaluate the effectiveness of the procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
Knowledge, Skills, and Abilities
KSA statements define what a person filling this role knows or can do. "Knowledge" is what they must know, "Skill" is what they can perform, and "Ability" is a durable capacity they bring to the work.
- K069A knowledge core Knowledge of risk management processes and requirements per the Risk Management Framework (RMF).
- S1002 skill core Skill in conducting audits or reviews of technical systems.
- S203 skill core Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
- A325A ability additional Ability to ensure security practices are followed throughout the acquisition process.
- A6918 ability additional Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.
- A6919 ability additional Ability to determine the best cloud deployment model for the appropriate operating environment.
- K0062 knowledge additional Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- K0068 knowledge additional Knowledge of information technology (IT) architectural concepts and frameworks.
- K0107 knowledge additional Knowledge of resource management principles and techniques.
- K0129 knowledge additional Knowledge of system life cycle management principles, including software security and usability.
- K0296 knowledge additional Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
- K0954 knowledge additional Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
- K0979 knowledge additional Knowledge of supply chain risk management standards, processes, and practices.
- K1004A knowledge additional Knowledge of information technology (IT) acquisition/procurement requirements.
- K1021 knowledge additional Knowledge of risk threat assessment.
- K1037 knowledge additional Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.
- K1061A knowledge additional Knowledge of the acquisition/procurement life cycle process.
- K1125 knowledge additional Knowledge of cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.
- K1130 knowledge additional Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
- K1133 knowledge additional Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
- K1136A knowledge additional Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud).
- K6290 knowledge additional Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems.
- S6942 skill additional Skill in designing or implementing cloud computing deployment models.
- S6945 skill additional Skill in migrating workloads to, from, and among the different cloud computing service models.
Other roles in this element
EN-211 Forensics Analyst
EN-221 Cyber Crime Investigator
EN-711 Cyber Instructional Curriculum Developer
EN-712 Cyber Instructor
EN-731 Cyber Legal Advisor
EN-732 Privacy Compliance Manager
EN-751 Cyber Workforce Developer and Manager
EN-752 Cyber Policy and Strategy Planner
EN-801 Program Manager
EN-802 IT Project Manager
EN-803 Product Support Manager
EN-804 IT Investment/Portfolio Manager
EN-901 Executive Cyber Leader