
IT Audit Specialist

Northern VA Community College, Richmond, VA, United States


Posting Details

Posting Summary

Working Title
IT Audit Specialist

Role Title
Info Technology Specialist II

Role Code
39112-FP

FLSA
Exempt

Pay Band
05

Position Number
28000879

Agency
Northern VA Community College

Division
NV280-VP of College Computing

Work Location
Fairfax County - 059

Hiring Range
Commensurate with Experience (up to $115,000 max)

Emergency/Essential Personnel
No

EEO Category
5-Paraprofessionals

Full Time or Part Time
Full Time

Does this position have telework options? -Telework options are subject to change based on business needs-

Does this position have a bilingual or multilingual skill requirement or preference?

Work Schedule

Monday - Friday schedule; 8 hours daily.

Sensitive Position
No

Job Description

General Description:
The IT Audit Specialist is responsible for evaluating and ensuring the effectiveness, security, and compliance of College Computing information technology systems, processes, and controls. This role is a core Security Operations and Risk Architecture position focused on strengthening infrastructure resilience and system integrity. The work is essential for safeguarding digital assets, maintaining regulatory compliance, and identifying areas of improvement within IT infrastructure. The role supports regular system access reviews and drives the human-defense layer via continuous security training. By optimizing incident response playbooks and managing technical third-party risk, this position is vital for neutralizing vulnerabilities, minimizing downtime, and proactively engineering a more secure IT infrastructure.

Duties and Responsibilities

Ensure IT operations comply with relevant laws, regulations, and standards (e.g., GDPR, HIPAA, FERPA, NIST CSF).
Collaborate with technical teams to validate controls, collect evidence, and maintain the official Compliance Tracker.
Third Party & Supplier Risk Assessments: Perform vendor reviews, document findings, and support risk mitigation activities.
BIA and Risk Assessments: Collaborate on technical impact analyses to align system recovery objectives with operational requirements and continuity profiles.
KnowBe4 Platform Operations: Orchestrate automated security training workflows and analyze engagement metrics to quantify and reduce human-centric risk.
Phishing Assessments (MS Attack Simulator): Leverage MS Attack Simulator to execute controlled social engineering tests, using the data to harden email security filters and user response protocols.
Incident Response (IR) Playbooks & IR Plan: Update and standardize playbooks in alignment with NIST CSF; ensure quarterly reviews and accessibility for stakeholders.
IR Tabletop Exercises: Facilitate technical tabletop simulations to identify process bottlenecks, documenting "lessons learned" to optimize future response speed.
Identity & Access Management (AD): Review & evaluate Active Directory to enforce the Principle of Least Privilege (PoLP) and remediate unauthorized access paths.
CIS Controls Assessments & CSAT Tool: Conduct internal assessments to measure control maturity and drive technical roadmap improvements.
Control Validation: Develop and maintain a centralized dashboard to track security control health and document the verification of technical safeguards.
POA&M Maintenance: Manage the technical remediation pipeline, coordinating with cross-functional teams to patch security gaps and close open vulnerabilities.
Special Assignments

May be required to perform other duties as assigned. May be required to assist the agency or state government generally in the event of an emergency declaration by the Governor.

KSA's/Required Qualifications

KSA Requirements:

Knowledge of IT infrastructure, networks, applications, and cybersecurity principles.
Demonstrated analytical skills and attention to detail in reviewing processes, documentation, and managing evidence.
Capable of clear, concise reporting to both technical and non-technical stakeholders.
Ability to collaborate with technical teams to validate controls, collect evidence, and maintain the official Compliance Tracker.
Ability to manage and maintain audit documentation and evidence repositories, ensuring organization and accessibility for internal and external reviews.
Ability to identify potential vulnerabilities and risks; contribute to annual Business Impact Analysis (BIA) and Risk Assessments.
Minimum Work Experience:

Experience with major security frameworks (e.g., NIST CSF, CIS Controls).
Experience in IT audit, security, risk management, or compliance.
Experience with Microsoft Office.
Additional Considerations

Additional Considerations:

Professional certification such as CISA (Certified Information Systems Auditor).

Operation of a State Vehicle
No

Supervises Employees
No

Required Travel

n/a

Posting Detail Information

Posting Number
CLS_4421P

Recruitment Type
General Public - G

Number of Vacancies
1

Position End Date (if temporary)

Job Open Date
04/24/2026

Job Close Date
05/08/2026

Open Until Filled

Agency Website
www.nvcc.edu

Contact Name

Email

Phone Number

Special Instructions to Applicants

In support of the Commonwealth's commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth's Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly called a Certificate of Disability) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans may also apply via the AHP if they also provide an AHP Letter. To request an AHP Letter, use this link: https://www.dars.virginia.gov/drs/cpid/PWContact.aspx or call DARS at 800-552-5019, or DBVI at 800-622-2155.

Additional Information

Northern Virginia Community College (NOVA) is the largest public institution of higher education in the Commonwealth of Virginia and one of the largest community colleges in the nation. NOVA enrolls nearly 75,000 students on its six campuses in Alexandria, Annandale, Sterling, Manassas, Springfield, and Woodbridge, as well as through NOVA Online and high school dual enrollment programs. The College offers more than 100 affordable associate degree and certificate programs to help our students reach their academic and professional goals in some of the most in-demand careers.

At NOVA, we are deeply committed to fostering an inclusive community for all students, faculty, and staff, and our diverse workforce is representative of this commitment. To this end, we encourage all applicants seeking to add value through their diverse backgrounds, experiences, and interests to consider employment opportunities with NOVA. To learn more about NOVA's commitment to inclusive excellence, please visit our website.

NOVA offers eligible employees a benefits package that includes a comprehensive health and dental insurance program, generous paid leave, deferred compensation plans, paid parental leave, state employee discounts, and a solid and secure retirement program.

We strive to ensure our employees have the tools and development opportunities to support and promote NOVA's mission. For more information about NOVA and its programs and services, please visit our website at www.nvcc.edu.

The security of our students, faculty, and staff is very important at NOVA. Please take a moment to review NOVA's Annual Security Reports.

Background Check Statement Disclaimer

The selected candidate's offer is contingent upon the successful completion of a criminal background investigation, which may include: fingerprint checks, local agency checks, employment verification, verification of education, credit checks (relevant to employment). Additionally, selected candidates may be required to complete the Commonwealth's Statement of Economic Interest. For more information, please follow this link: http://ethics.dls.virginia.gov/

EEO Statement

The Virginia Community College System (VCCS) provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, political affiliation, veteran status, sexual orientation, gender identity or other non-merit factors.

ADA Statement

The Virginia Community College System (VCCS) is an Equal Employment Opportunity employer and complies with the Americans with Disabilities Acts (ADA and ADAAA) to provide reasonable accommodation to applicants in need of access to the application, interviewing, and selection processes when requested.

E-Verify Statement

VCCS uses E-Verify to check employee eligibility to work in the United States. You will be required to complete an I-9 form and provide documentation of your identity for employment purposes.

Quicklink for Posting
https://jobs.vccs.edu/postings/95531