MITRE
Overview
Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. MITRE is a not-for-profit corporation chartered to work for the public interest with no commercial conflicts. We operate R&D centers for the government to create lasting impact in cybersecurity, healthcare, aviation, defense, and enterprise transformation. We offer competitive benefits, professional development opportunities, and a culture of innovation that values adaptability, collaboration, technical excellence, and partnerships. Department Summary
We are seeking an
IT Audit & Controls, Principal
to lead and execute comprehensive information technology and cybersecurity audits and risk assessments within a complex federal environment. This role serves as a trusted advisor to the Director of Internal Audit, Senior Leadership, and the Audit Committee. This role will act as an individual contributor overseeing the outsourced Internal Audit function while performing targeted in-house IT audit and compliance activities. Responsibilities
Government compliance: Ensure audits are in alignment to DFARS, NIST 800-171, FedRAMP, CMMC, or Agency Specific requirements to ensure contract integrity and regulatory adherence. Risk assessment: Conduct ongoing enterprise-wide risk assessments to identify high-risk areas across IT. Controls management: Assess the effectiveness of security controls (technical, physical, and administrative) and make recommendations for improvement. Audit execution: Lead and manage cybersecurity internal audits across federal programs, including planning, fieldwork, reporting, and follow-up. Reporting: Prepare and deliver clear, concise, and timely IT audit reports and compliance updates to management, the C-suite, and the Audit Committee. Collaboration: Partner with IT, Security Operations, Risk Management, and Compliance teams to align IT audit plan and findings with agency missions and priorities of the company and audit committee. Continuous improvement: Work with management to design and implement effective remediation plans, fostering a culture of accountability and operational excellence. Basic Qualifications
Typically requires a minimum of 10 years of related experience with a Bachelor’s degree; or 8 years and a Master’s degree; or a PhD with 5 years’ experience; or equivalent combination of related education and work experience. 6+ years of IT/Cybersecurity audit experience, with at least 2 years in a federal contracting or government agency environment. Strong knowledge of ITGCs, ICOFR, and audit/control frameworks (COSO, COBIT, NIST, ISO). Proven ability to present to and build trust with Audit Committees, C-suite executives, and IT leadership (CISO, CIO, etc). Experience managing outsourced providers and coordinating with external auditors. This position requires a minimum of 4 days a week on-site. Preferred Qualifications
Bachelor’s degree in Information Systems, Cybersecurity, or Computer Science (Master’s a Plus) Professional certifications: CISA, CPA, CIA, CISSP, or CISM. Direct experience supporting CMMC readiness assessments or other federal cybersecurity compliance initiatives. 8+ years of IT/Cybersecurity audit experience, with at least 6 years in a federal contracting or government agency environment. Strong communication, relationship-building, and executive presence. Clearance
This requisition requires the candidate to have no specific clearance on file; none is required at this time. If applicable, the hired candidate must obtain the required clearance within one year from the date of hire. Salary
Salary compensation range and midpoint: $136,500 - $170,500 - $204,500 Annual Work Location
Onsite It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law. MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email recruitinghelp@mitre.org for general support and collegerecruiting@mitre.org for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply. Benefits information may be found here.
#J-18808-Ljbffr
Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. MITRE is a not-for-profit corporation chartered to work for the public interest with no commercial conflicts. We operate R&D centers for the government to create lasting impact in cybersecurity, healthcare, aviation, defense, and enterprise transformation. We offer competitive benefits, professional development opportunities, and a culture of innovation that values adaptability, collaboration, technical excellence, and partnerships. Department Summary
We are seeking an
IT Audit & Controls, Principal
to lead and execute comprehensive information technology and cybersecurity audits and risk assessments within a complex federal environment. This role serves as a trusted advisor to the Director of Internal Audit, Senior Leadership, and the Audit Committee. This role will act as an individual contributor overseeing the outsourced Internal Audit function while performing targeted in-house IT audit and compliance activities. Responsibilities
Government compliance: Ensure audits are in alignment to DFARS, NIST 800-171, FedRAMP, CMMC, or Agency Specific requirements to ensure contract integrity and regulatory adherence. Risk assessment: Conduct ongoing enterprise-wide risk assessments to identify high-risk areas across IT. Controls management: Assess the effectiveness of security controls (technical, physical, and administrative) and make recommendations for improvement. Audit execution: Lead and manage cybersecurity internal audits across federal programs, including planning, fieldwork, reporting, and follow-up. Reporting: Prepare and deliver clear, concise, and timely IT audit reports and compliance updates to management, the C-suite, and the Audit Committee. Collaboration: Partner with IT, Security Operations, Risk Management, and Compliance teams to align IT audit plan and findings with agency missions and priorities of the company and audit committee. Continuous improvement: Work with management to design and implement effective remediation plans, fostering a culture of accountability and operational excellence. Basic Qualifications
Typically requires a minimum of 10 years of related experience with a Bachelor’s degree; or 8 years and a Master’s degree; or a PhD with 5 years’ experience; or equivalent combination of related education and work experience. 6+ years of IT/Cybersecurity audit experience, with at least 2 years in a federal contracting or government agency environment. Strong knowledge of ITGCs, ICOFR, and audit/control frameworks (COSO, COBIT, NIST, ISO). Proven ability to present to and build trust with Audit Committees, C-suite executives, and IT leadership (CISO, CIO, etc). Experience managing outsourced providers and coordinating with external auditors. This position requires a minimum of 4 days a week on-site. Preferred Qualifications
Bachelor’s degree in Information Systems, Cybersecurity, or Computer Science (Master’s a Plus) Professional certifications: CISA, CPA, CIA, CISSP, or CISM. Direct experience supporting CMMC readiness assessments or other federal cybersecurity compliance initiatives. 8+ years of IT/Cybersecurity audit experience, with at least 6 years in a federal contracting or government agency environment. Strong communication, relationship-building, and executive presence. Clearance
This requisition requires the candidate to have no specific clearance on file; none is required at this time. If applicable, the hired candidate must obtain the required clearance within one year from the date of hire. Salary
Salary compensation range and midpoint: $136,500 - $170,500 - $204,500 Annual Work Location
Onsite It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law. MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email recruitinghelp@mitre.org for general support and collegerecruiting@mitre.org for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply. Benefits information may be found here.
#J-18808-Ljbffr