IT Program Auditor

IT Program Auditor Work Role ID: 805 (NIST: OV-PM-005) Category/Specialty Area: Oversee & Govern / Acquisition and Program/Project Management Workforce Element: Cyberspace Enablers / Acquisition

Conducts evaluations of an IT program or its individual components, to determine compliance with published standards.


Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
69

Knowledge of Risk Management Framework (RMF) requirements.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
203

Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.

Skill
537

Develop methods to monitor and measure risk, compliance, and assurance efforts.

Task
840

Review or conduct audits of information technology (IT) programs and projects.

Task
1002

Skill in conducting audits or reviews of technical systems.

Skill
1143A

Conduct import/export reviews for acquiring systems and software.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge

Additional KSATs

KSAT ID Description KSAT
62

Knowledge of industry-standard and organizationally accepted analysis principles and methods.

Knowledge
68

Knowledge of information technology (IT) architectural concepts and frameworks.

Knowledge
107

Knowledge of resource management principles and techniques.

Knowledge
129

Knowledge of system life cycle management principles, including software security and usability.

Knowledge
296

Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.

Knowledge
325A

Ability to ensure security practices are followed throughout the acquisition process.

Ability
811

Provide ongoing optimization and problem solving support.

Task
813

Provide recommendations for possible improvements and upgrades.

Task
949

Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.

Task
954

Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.

Knowledge
979

Knowledge of supply chain risk management standards, processes, and practices.

Knowledge
1004A

Knowledge of information technology (IT) acquisition/procurement requirements.

Knowledge
1021

Knowledge of risk threat assessment.

Knowledge
1037

Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.

Knowledge
1061A

Knowledge of the acquisition/procurement life cycle process.

Knowledge
1130

Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).

Knowledge
1133

Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

Knowledge
1148B

Ensure supply chain, system, network, performance, and cyber security requirements are included in contract language and delivered.

Task
5610

Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.

Task
6290

Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems.

Knowledge