Business Transformation Level I
Integrated Finance & Accounting Solutions (IFAS), Andrews Air Force Base Census Designated Place, MD, United S...
Risk Management And Internal Controls Professional
Experienced risk management and internal controls (RMIC) professional with deep experience implementing OMB Circular A-123, GAO Green Book/FAM, and DoD internal control guidance, leveraging eGRC/ServiceNow to produce audit-ready process and control documentation and deliver executive-level briefings. Skilled in driving DAF-wide RMIC progress through organizational change management and cross-stakeholder coordination, while consuming and consolidating large datasets to support enterprise reporting and third-party/IT control monitoring. Technical Skills
Internal control framework execution: design and perform A-123/GAO Green Book/FAM/DoD PCN-aligned control work, including process/control documentation and audit-ready deliverables. Walkthroughs & gap assessment: plan, conduct, and document walkthroughs; perform Process Control Matrix (PCM) analysis to identify and document control gaps and remediation needs. Stakeholder quality & change enablement: provide technical review/standardization feedback across DAF-wide stakeholders; apply change management practices and strong technical writing to mature RMIC artifacts (policies, SOPs, agreements). Communication & Interpersonal Skills
Executive communication: Develop and deliver senior-leader briefings on walkthrough results, findings, recommendations, and RMIC status. Cross-stakeholder facilitation: lead discussions and align requirements across functional/financial teams and DAF-wide/external stakeholders (e.g., IPA, service auditors, AUs, system owners, service providers) Technical writing: Produce clear, concise, audit-ready documentation (e.g., process control matrices (PCMs)) with strong attention to detail and accuracy. Expertise with Regulations and Guidance: Office of Management and Budget (OMB) Circular No. A-123: Management's Responsibility for Enterprise Risk Management and Internal Control Government Accountability Office (GAO) Green Book (GAO-14-704G): Standards for Internal Control in the Federal Government Department of Defense Instruction (DoDI) 5010.40: DoD Enterprise Risk Management and Risk Management and Internal Control (RMIC) Program Additional desired skillsets (nice to haves but not necessarily required): GAO Framework for Managing Fraud Risks (GAO-15-593SP) GAO Financial Audit Manual (FAM) (GAO-22-105895): Vol. 1 (Jun 2024) and Vol. 2 (Jun 2025) Technical Skills
ServiceNow eGRC / Integrated Risk Management (IRM) administration and workflow integration (test & production), including centralized internal controls repository management. Data analytics & reporting: consolidate large, siloed RMIC datasets into enterprise-level reports, executive summaries, visualizations, and annual Statement of Assurance (SoA) deliverables. Third-party/IT controls oversight: assess service-provider controls (including SSAE 18), evaluate materiality, and monitor Complementary User Entity Controls (CUECs) impacting financial reporting. Required qualifications outside of the normal LCAT requirements (required):
Active DOD Secret clearance Bachelor's degree Minimum 4 years of relevant experience
Experienced risk management and internal controls (RMIC) professional with deep experience implementing OMB Circular A-123, GAO Green Book/FAM, and DoD internal control guidance, leveraging eGRC/ServiceNow to produce audit-ready process and control documentation and deliver executive-level briefings. Skilled in driving DAF-wide RMIC progress through organizational change management and cross-stakeholder coordination, while consuming and consolidating large datasets to support enterprise reporting and third-party/IT control monitoring. Technical Skills
Internal control framework execution: design and perform A-123/GAO Green Book/FAM/DoD PCN-aligned control work, including process/control documentation and audit-ready deliverables. Walkthroughs & gap assessment: plan, conduct, and document walkthroughs; perform Process Control Matrix (PCM) analysis to identify and document control gaps and remediation needs. Stakeholder quality & change enablement: provide technical review/standardization feedback across DAF-wide stakeholders; apply change management practices and strong technical writing to mature RMIC artifacts (policies, SOPs, agreements). Communication & Interpersonal Skills
Executive communication: Develop and deliver senior-leader briefings on walkthrough results, findings, recommendations, and RMIC status. Cross-stakeholder facilitation: lead discussions and align requirements across functional/financial teams and DAF-wide/external stakeholders (e.g., IPA, service auditors, AUs, system owners, service providers) Technical writing: Produce clear, concise, audit-ready documentation (e.g., process control matrices (PCMs)) with strong attention to detail and accuracy. Expertise with Regulations and Guidance: Office of Management and Budget (OMB) Circular No. A-123: Management's Responsibility for Enterprise Risk Management and Internal Control Government Accountability Office (GAO) Green Book (GAO-14-704G): Standards for Internal Control in the Federal Government Department of Defense Instruction (DoDI) 5010.40: DoD Enterprise Risk Management and Risk Management and Internal Control (RMIC) Program Additional desired skillsets (nice to haves but not necessarily required): GAO Framework for Managing Fraud Risks (GAO-15-593SP) GAO Financial Audit Manual (FAM) (GAO-22-105895): Vol. 1 (Jun 2024) and Vol. 2 (Jun 2025) Technical Skills
ServiceNow eGRC / Integrated Risk Management (IRM) administration and workflow integration (test & production), including centralized internal controls repository management. Data analytics & reporting: consolidate large, siloed RMIC datasets into enterprise-level reports, executive summaries, visualizations, and annual Statement of Assurance (SoA) deliverables. Third-party/IT controls oversight: assess service-provider controls (including SSAE 18), evaluate materiality, and monitor Complementary User Entity Controls (CUECs) impacting financial reporting. Required qualifications outside of the normal LCAT requirements (required):
Active DOD Secret clearance Bachelor's degree Minimum 4 years of relevant experience