IT Program Auditor


Conducts evaluations of an IT program or its individual components, to determine compliance with published standards.
Core KSATs
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge |
69 | Knowledge of Risk Management Framework (RMF) requirements. | Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge |
203 | Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system. | Skill |
537 | Develop methods to monitor and measure risk, compliance, and assurance efforts. | Task |
840 | Review or conduct audits of information technology (IT) programs and projects. | Task |
1002 | Skill in conducting audits or reviews of technical systems. | Skill |
1143A | Conduct import/export reviews for acquiring systems and software. | Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge |
1158 | * Knowledge of cybersecurity principles. | Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. | Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge |
Additional KSATs
KSAT ID | Description | KSAT |
---|---|---|
62 | Knowledge of industry-standard and organizationally accepted analysis principles and methods. | Knowledge |
68 | Knowledge of information technology (IT) architectural concepts and frameworks. | Knowledge |
107 | Knowledge of resource management principles and techniques. | Knowledge |
129 | Knowledge of system life cycle management principles, including software security and usability. | Knowledge |
296 | Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise. | Knowledge |
325A | Ability to ensure security practices are followed throughout the acquisition process. | Ability |
811 | Provide ongoing optimization and problem solving support. | Task |
813 | Provide recommendations for possible improvements and upgrades. | Task |
949 | Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. | Task |
954 | Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk. | Knowledge |
979 | Knowledge of supply chain risk management standards, processes, and practices. | Knowledge |
1004A | Knowledge of information technology (IT) acquisition/procurement requirements. | Knowledge |
1021 | Knowledge of risk threat assessment. | Knowledge |
1037 | Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures. | Knowledge |
1061A | Knowledge of the acquisition/procurement life cycle process. | Knowledge |
1130 | Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions). | Knowledge |
1133 | Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). | Knowledge |
1148B | Ensure supply chain, system, network, performance, and cyber security requirements are included in contract language and delivered. | Task |
5610 | Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up. | Task |
6290 | Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems. | Knowledge |