The MITRE Corporation
Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.
Roles & Responsibilities:
Government compliance: Ensure audits align with DFARS, NIST 800-171, FedRAMP, CMMC, or agency-specific requirements to ensure contract integrity and regulatory adherence.
Risk assessment: Conduct ongoing enterprise-wide risk assessments to identify high-risk areas across IT.
Controls management: Assess the effectiveness of security controls (technical, physical, and administrative) and make recommendations for improvement.
Audit execution: Lead and manage cybersecurity internal audits across federal programs, including planning, fieldwork, reporting, and follow-up.
Reporting: Prepare and deliver clear, concise, and timely IT audit reports and compliance updates to management, the C-suite, and the Audit Committee.
Collaboration: Partner with IT, Security Operations, Risk Management, and Compliance teams to align the IT audit plan and findings with agency missions and the priorities of the company and Audit Committee.
Continuous improvement: Work with management to design and implement effective remediation plans, fostering a culture of accountability and operational excellence.
Basic Qualifications:
Typically requires a minimum of 10 years of related experience with a Bachelor’s degree; or 8 years and a Master’s degree; or a PhD with 5 years’ experience; or equivalent combination of related education and work experience.
6+ years of IT/Cybersecurity audit experience, with at least 2 years in a federal contracting or government agency environment.
Direct experience supporting CMMC readiness assessments or other federal cybersecurity compliance initiatives.
Strong knowledge of ITGCs, ICOFR, and audit/control frameworks (COSO, COBIT, NIST, ISO).
Proven ability to present to and build trust with Audit Committees, C-suite executives, and IT leadership (CISO, CIO, etc.).
Experience managing outsourced providers and coordinating with external auditors.
This position requires a minimum of 4 days a week on-site.
Preferred Qualifications:
Bachelor’s degree in Information Systems, Cybersecurity, or Computer Science (Master’s a Plus)
Professional certifications: CISA, CPA, CIA, CISSP, or CISM.
8+ years of IT/Cybersecurity audit experience, with at least 6 years in a federal contracting or government agency environment.
Strong communication, relationship-building, and executive presence.
Salary compensation range and midpoint: $136,500 - $170,500 - $204,500 Annual
Work Location Type: Onsite
Commitment to Non-Discrimination:
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.
MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email recruitinghelp@mitre.org for general support and collegerecruiting@mitre.org for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply.
Benefits information may be found here (https://careers.mitre.org/us/en/benefits).
Copyright © 1997-2025, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.