IT Audit Specialist
Please see Special Instructions for more details.
In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth's Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly called a Certificate of Disability) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans may also apply via the AHP if they also provide an AHP Letter. To request an AHP Letter, use this link:
https://www.dars.virginia.gov/drs/cpid/PWContact.aspx or call DARS at 800-552-5019, or DBVI at 800-622-2155
Posting Details
Posting Summary
Working Title | IT Audit Specialist
Role Title | Info Technology Specialist II
Role Code | 39112-FP
FLSA | Exempt
Pay Band | 05
Position Number | 28000879
Agency | Northern VA Community College
Division | NV280-VP of College Computing
Work Location | Fairfax County - 059
Hiring Range | Commensurate with Experience (up to $115,000 max)
Emergency/Essential Personnel | No
EEO Category | 5-Paraprofessionals
Full Time or Part Time | Full Time
Does this position have telework options? -Telework options are subject to change based on business needs- |
Does this position have a bilingual or multilingual skill requirement or preference? |
Work Schedule | Monday – Friday schedule; 8 hours daily.
Sensitive Position | No
Job Description | General Description:
The IT Audit Specialist evaluates and ensures the effectiveness, security, and compliance of College Computing information technology systems, processes, and controls. This role is a core Security Operations and Risk Architecture position focused on strengthening infrastructure resilience and system integrity. The work is essential for safeguarding digital assets, maintaining regulatory compliance, and identifying areas of improvement within IT infrastructure. The role supports regular system access reviews and drives the human-defense layer via continuous security training. By optimizing incident response playbooks and managing technical third-party risk, this position is vital for neutralizing vulnerabilities, minimizing downtime, and proactively engineering a more secure IT infrastructure.
Duties and Responsibilities
- Ensure IT operations comply with relevant laws, regulations, and standards (e.g., GDPR, HIPAA, FERPA, NIST CSF). Collaborate with technical teams to validate controls, collect evidence, and maintain the official Compliance Tracker.
- Third Party & Supplier Risk Assessments: Perform vendor reviews, document findings, and support risk mitigation activities.
- BIA and Risk Assessments: Collaborate on technical impact analyses to align system recovery objectives with operational requirements and continuity profiles.
- KnowBe4 Platform Operations: Orchestrate automated security training workflows and analyze engagement metrics to quantify and reduce human-centric risk.
- Phishing Assessments (MS Attack Simulator): Leverage MS Attack Simulator to execute controlled social engineering tests, using the data to harden email security filters and user response protocols.
- Incident Response (IR) Playbooks & IR Plan: Update and standardize playbooks in alignment with NIST CSF; ensure quarterly reviews and accessibility for stakeholders.
- IR Tabletop Exercises: Facilitate technical tabletop simulations to identify process bottlenecks, documenting “lessons learned” to optimize future response speed.
- Identity & Access Management (AD): Review and evaluate Active Directory to enforce the Principle of Least Privilege (PoLP) and remediate unauthorized access paths.
- CIS Controls Assessments & CSAT Tool: Conduct internal assessments to measure control maturity and drive technical roadmap improvements.
- Control Validation: Develop and maintain a centralized dashboard to track security control health and document the verification of technical safeguards.
- POA&M Maintenance: Manage the technical remediation pipeline, coordinating with cross-functional teams to patch security gaps and close open vulnerabilities.
Special Assignments | May be required to perform other duties as assigned. May be required to assist the agency or state government generally in the event of an emergency declaration by the Governor.
KSA's/Required Qualifications | KSA Requirements:
- Knowledge of IT infrastructure, networks, applications, and cybersecurity principles.
- Demonstrated analytical skills and attention to detail in reviewing processes, documentation, and managing evidence.
- Capable of clear, concise reporting to both technical and non-technical stakeholders.
- Ability to collaborate with technical teams to validate controls, collect evidence, and maintain the official Compliance Tracker.
- Ability to manage and maintain audit documentation and evidence repositories, ensuring organization and accessibility for internal and external reviews.
- Ability to identify potential vulnerabilities and risks; contribute to annual Business Impact Analysis (BIA) and Risk Assessments.
Minimum Work Experience:
- Experience with major security frameworks (e.g., NIST CSF, CIS Controls).
- Experience in IT audit, security, risk management, or compliance.
- Experience with Microsoft Office.
Additional Considerations | Additional Considerations: Professional certification such as CISA (Certified Information Systems Auditor).
Operation of a State Vehicle | No
Supervises Employees | No
Required Travel | n/a
Posting Detail Information
Posting Number | CLS_4421P
Recruitment Type | General Public - G
Number of Vacancies | 1
Position End Date (if temporary) |
Job Open Date | 04/24/2026
Job Close Date | 05/08/2026
Open Until Filled |
Agency Website | www.nvcc.edu
Contact Name |
Email |
Phone Number |
Special Instructions to Applicants | In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth’s Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly called a Certificate of Disability) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans may also apply via the AHP if they also provide an AHP Letter. To request an AHP Letter, use this link:
https://www.dars.virginia.gov/drs/cpid/PWContact.aspx or call DARS at 800-552-5019, or DBVI at 800-622-2155
Additional Information | Northern Virginia Community College (NOVA) is the largest public institution of higher education in the Commonwealth of Virginia and one of the largest community colleges in the nation. NOVA enrolls nearly 75,000 students on its six campuses in Alexandria, Annandale, Sterling, Manassas, Springfield, and Woodbridge, as well as through NOVA Online and high school dual enrollment programs. The College offers more than 100 affordable associate degree and certificate programs to help our students reach their academic and professional goals in some of the most in-demand careers.
At NOVA, we are deeply committed to fostering an inclusive community for all students, faculty, and staff, and our diverse workforce is representative of this commitment. To this end, we encourage all applicants seeking to add value through their diverse backgrounds, experiences, and interests to consider employment opportunities with NOVA. To learn more about NOVA’s commitment to inclusive excellence, please visit our website.
NOVA offers eligible employees a benefits package that includes a comprehensive health and dental insurance program, generous paid leave, deferred compensation plans, paid parental leave, state employee discounts, and a solid and secure retirement program.
We strive to ensure our employees have the tools and development opportunities to support and promote NOVA’s mission. For more information about NOVA and its programs and services, please visit our website at
www.nvcc.edu.
The security of our students, faculty, and staff is very important at NOVA. Please take a moment to review NOVA’s Annual Security Reports.
Background Check Statement Disclaimer | The selected candidate’s offer is contingent upon the successful completion of a criminal background investigation, which may include: fingerprint checks, local agency checks, employment verification, verification of education, credit checks (relevant to employment). Additionally, selected candidates may be required to complete the Commonwealth’s Statement of Economic Interest. For more information, please follow this link:
http://ethics.dls.virginia.gov/
EEO Statement | The Virginia Community College System (VCCS) provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, political affiliation, veteran status, sexual orientation, gender identity or other non-merit factors.
ADA Statement | The Virginia Community College System (VCCS) is an Equal Employment Opportunity employer and complies with the Americans with Disabilities Acts (ADA and ADAAA) to provide reasonable accommodation to applicants in need of access to the application, interviewing, and selection processes when requested.
E-Verify Statement | VCCS uses E-Verify to check employee eligibility to work in the United States. You will be required to complete an I-9 form and provide documentation of your identity for employment purposes.
Quicklink for Posting |
https://jobs.vccs.edu/postings/95531
Supplemental Questions
Required fields are indicated with an asterisk (*).
- * I understand that only information provided at the time of the application submission will be considered when determining my qualifications and only responses to Supplemental Questions that can be verified in my application and resume will be credited.
- * I understand this position is located in Virginia and I will be required to reside in the DMV metro area.
- * Do you now or in the future require visa sponsorship to work in the United States?
- * Do you have experience with major security frameworks (e.g., NIST CSF, CIS Controls)?
- * Do you have experience in IT audit, security, risk management, or compliance?
- * Do you have experience with Microsoft Office?
Applicant Documents
Required Documents
- Resume
Optional Documents
- Cover Letter/Letter of Application
- Other Document
- Alternative Hiring Process Letter