IT Program Auditor
Conducts evaluations of an IT program or its individual components, to determine compliance with published standards.
Core KSATs
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge |
203 | Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system. | Skill |
537 | Develop methods to monitor and measure risk, compliance, and assurance efforts. | Task |
1002 | Skill in conducting audits or reviews of technical systems. | Skill |
1143A | Conduct import/export reviews for acquiring systems and software. | Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge |
1158 | * Knowledge of cybersecurity principles. | Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. | Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). | Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. | Knowledge |
Additional KSATs
KSAT ID | Description | KSAT |
---|---|---|
62 | Knowledge of industry-standard and organizationally accepted analysis principles and methods. | Knowledge |
68 | Knowledge of information technology (IT) architectural concepts and frameworks. | Knowledge |
69A | Knowledge of risk management processes and requirements per the Risk Management Framework (RMF). | Knowledge |
107 | Knowledge of resource management principles and techniques. | Knowledge |
129 | Knowledge of system life cycle management principles, including software security and usability. | Knowledge |
296 | Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise. | Knowledge |
325A | Ability to ensure security practices are followed throughout the acquisition process. | Ability |
811 | Provide ongoing optimization and problem solving support. | Task |
813 | Provide recommendations for possible improvements and upgrades. | Task |
840B | Review or conduct audits of programs and projects. | Task |
936 | Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers). | Task |
949 | Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. | Task |
954 | Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk. | Knowledge |
979 | Knowledge of supply chain risk management standards, processes, and practices. | Knowledge |
1004A | Knowledge of information technology (IT) acquisition/procurement requirements. | Knowledge |
1021 | Knowledge of risk threat assessment. | Knowledge |
1037 | Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures. | Knowledge |
1061A | Knowledge of the acquisition/procurement life cycle process. | Knowledge |
1125 | Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. | Knowledge |
1130 | Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions). | Knowledge |
1133 | Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). | Knowledge |
1136A | Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud). | Knowledge |
1147A | Develop data management capabilities (e.g., cloud based, centralized cryptographic key management) to include support to the mobile workforce. | Task |
1148B | Ensure supply chain, system, network, performance, and cyber security requirements are included in contract language and delivered. | Task |
5610 | Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up. | Task |
6290 | Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems. | Knowledge |
6918 | Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments. | Ability |
6919 | Ability to determine the best cloud deployment model for the appropriate operating environment. | Ability |
6942 | Skill in designing or implementing cloud computing deployment models. | Skill |
6945 | Skill in migrating workloads to, from, and among the different cloud computing service models. | Skill |