Posted Jul 13, 2026

IT Audit & Compliance Analyst – Federal Cybersecurity Frameworks

Apply Now
Job Description: • Guidehouse is seeking an IT Audit & Compliance professional to help our client at a large federal agency pursue and maintain compliance with federal cybersecurity frameworks. • This role focuses on audit preparation and coordination. The candidate will: • Coordinate internal and external audit activities across federal information systems, ensuring teams, schedules, evidence, and documentation remain audit‑ready. • Prepare, maintain, and organize assessor‑ready artifacts including SSPs, control narratives, SOPs, POA&Ms, continuous monitoring reports, and structured evidence packages. • Interpret and apply requirements from federal cybersecurity and audit frameworks, including: NIST SP 800‑53 (security and privacy controls), NIST SP 800‑37 (RMF), NIST SP 800‑171 (CUI), FISMA, FISCAM, OMB Circular A‑123, FedRAMP, and adjacent frameworks such as SOC 1/2, HIPAA, the Privacy Act, and IRS Publication 1075. • Support audit readiness activities by coordinating evidence collection with engineering, ISSO/ISSM, infrastructure, cloud, and application teams. • Track audit findings, maintain POA&M items, and facilitate remediation progress across technical and business teams. • Translate technical implementations into clear, assessor‑ready documentation through strong technical writing and stakeholder coordination. • Draft and refine policies, procedures, and control narratives, and coordinate teams through internal audits, readiness assessments, and corrective action plans. Requirements: • Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. • Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred. • Bachelor’s degree in information systems, Cybersecurity, Computer Science, Accounting/IS Audit, or a discipline related to this project. • Three (3) or more years of IT Audit & Compliance experience. • Experience implementing or assessing NIST SP 800‑53 control requirements in production environments (cloud and/or on‑prem). • Knowledge of federal cybersecurity and audit frameworks. (This could include NIST SP 800‑37 (RMF), NIST SP 800‑171, FISMA, FISCAM, OMB Circular A‑123, or FedRAMP.) • Demonstrated ability to create accurate, assessor‑ready documentation (This could include: SSPs, procedures/SOPs, control narratives, POA&Ms, ConMon reporting, evidence packages). • Preference will be given to candidate's located within the DC Metropolitan area. Benefits: • Medical, Rx, Dental & Vision Insurance • Personal and Family Sick Time & Company Paid Holidays • Position may be eligible for a discretionary variable incentive bonus • Parental Leave and Adoption Assistance • 401(k) Retirement Plan • Basic Life & Supplemental Life • Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts • Short-Term & Long-Term Disability • Student Loan PayDown • Tuition Reimbursement, Personal Development & Learning Opportunities • Skills Development & Certifications • Employee Referral Program • Corporate Sponsored Events & Community Outreach • Emergency Back-Up Childcare Program • Mobility Stipend Apply Now Apply Now