Cybersecurity Audit Manager (Mid)

Overview Kentro is hiring for a Cybersecurity Audit Manager to coordinate and support all phases of cybersecurity-related audit engagements across DOC. The role serves as the central liaison for planning, evidence curation, packaged responses, and follow-up actions. It includes OIG/GAO engagements, annual FISMA activities, OMB A-123/FMFIA internal controls assessments, and cybersecurity elements of the Annual Financial Statement Audit. The manager coordinates audits and does not perform formal control testing or own remediation.

Additional responsibilities include coordinating the continuous assessment of audit risks, forecasting audit-relevant risks from emerging technologies and external threats, and driving measurable improvements in cybersecurity posture.

Location: Hybrid in Washington, D.C.

Salary Range: $90,000-$100,000 annually.

Responsibilities Cybersecurity Audit Management

Lead planning, coordination, and tracking of cybersecurity audits and assessments, including FISMA, OMB A-123, FMFIA, and OIG and GAO engagements.

Maintain the cybersecurity audit risk register, tracking risks, remediation plans, owners, milestones, and progress.

Prepare packaged responses, corrective action plans (CAPs), audit artifacts, and closure documentation for delivery to oversight bodies.

Develop or update audit playbooks, process documents, and guidance materials to standardize readiness and engagement execution.

Coordinate entrance/exit conferences, walkthroughs, interviews, site visits; manage information requests and due dates.

Support development of risk summaries, dashboards, and program-level reporting (e.g., status of audit activities, open items, milestones).

Risk, Compliance & Alignment

Monitor risks tied to High Value Assets (HVAs) and audit findings, providing periodic updates to leadership.

Ensure coordination activities align with NIST RMF, NIST CSF, FISMA, applicable OMB guidance, and DOC cybersecurity policies.

Track known weaknesses and recommendations to inform audit readiness and evidence planning.

Stakeholder Engagement

Serve as the primary liaison among OCRM, OCOS, ESOC, DOC Operating Units, auditors, and assessment teams.

Provide clear communication, regular status updates, and issue escalation as needed to maintain schedule and quality.

Develop concise briefings and summaries for leadership and audit stakeholders at key milestones (entrance, fieldwork, exit, close-out).

Tools & Platforms

Utilize CSAM (GRC) as the system of record for system security documentation and status.

Manage engagement workflow and artifacts through the DOC Audit Management System (ServiceNow); maintain request logs, evidence, and dashboards.

Use collaboration/reporting tools (e.g., SharePoint, Excel/Power BI, MS Project) for repository management, trackers, and executive-ready summaries.

Qualifications

Bachelor's degree in Cybersecurity, Information Assurance, Information Systems, or closely related field; or equivalent experience.

5+ years coordinating Federal cybersecurity audits or oversight engagements (OIG, GAO, FISMA, A-123/FMFIA, financial statement audits).

Demonstrated ability to manage complex audit calendars, artifacts, and multi-stakeholder coordination under tight deadlines.

Strong writing and communication skills to synthesize technical topics into accurate packaged responses and briefings.

Qualifications And Certifications

Required: Bachelor's degree in Cybersecurity/Information Assurance/Information Systems or closely related field.

Preferred: PMP or FAC/PPM equivalent certification, CompTIA Security+ (or higher DoD 8570/8140-aligned baseline).

Key Competencies

Audit coordination & stakeholder management

Evidence curation discipline and accuracy

Clear written communication; executive-ready summarization

Attention to detail; confidentiality and records stewardship

Clearance Requirement

US Citizen or Green card holder

Ability to obtain and maintain Public Trust adjudication.

Must meet updated ID requirements: https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/federal-credentialing-services/get-appointment-help/bring-required-documents If you do not currently meet the ID requirements outlined, you must be willing and able to update your current forms of ID in a timely manner to complete the suitability process successfully.

Benefits Kentro offers a competitive benefits package that includes paid time off, healthcare benefits, supplemental benefits, a 401k with employer match, discount perks, rewards, and more. All employees are eligible for education reimbursement for certifications, degrees, or professional development, with amounts subject to IRS limitations.

Kentro invests in employees' professional growth and offers flexibility for courses, certifications, and other development opportunities. The organization supports a culture that encourages continuous learning and collaboration.

We allocate funds for activities such as happy hours, holiday events, fitness & wellness events, and annual celebrations. In addition, Kentro supports community service through charity galas and events.

Equal Opportunity & VEVRAA Kentro is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state or local law. Kentro is strongly committed to compliance with VEVRAA and other applicable laws governing equal employment opportunity.