Cybersecurity Risk & Compliance Auditor

Gen3 Technology Consulting is an SBA-certified Woman-Owned Small Business (WOSB) providing a diverse set of technology services and solutions to federal, state, and commercial clients. Founded in 2017, Gen3 leverages over 25 years of information technology management and leadership experience to help our clients define, plan, manage, and achieve their strategic vision while protecting their critical IT assets. We attract and retain the highest caliber of talent by supporting an inclusive work environment, cultivating growth and leadership both professionally and personally, and encouraging work-life balance. We strive to make it our priority to be compassionate, family-friendly, respectful, and flexible.   
About the role: 
Gen3 is seeking a Cybersecurity Risk & Compliance Auditor to support the Executive Office of the Governor.  In this role, you will perform in-depth evaluations of systems, networks, and applications to assess and validate the organization’s cybersecurity posture. You will also lead compliance reviews, conduct risk and control assessments, and provide evidence-based recommendations to strengthen security and ensure alignment with federal, state, and industry standards.
Location: Remote; United States, occasional travel to Tallahassee, FL
Key Responsibilities:

• Evaluate cybersecurity operations and information technology compliance assessments.
• Perform independent validation testing including configuration assessments, vulnerability scanning, and penetration testing.
• Provide recommendations for system hardening and security.
• Conduct audits or compliance reviews.
• Utilize NIST Cyber Security Framework for risk management, gap analysis, security control assessments.
• Create evidenced-based conclusions and recommendations for consideration to C-suite/Board/Senior Management levels.
• coordinate project timelines and deliverables.
• Work with sensitive or restricted data in a government setting.

• Bachelor’s degree in information technology or relevant field
• 7-10 years of experience in cybersecurity, auditing, compliance and assessments  
• At least five years of experience supporting or conducting audits or compliance reviews in a government setting.
• A working knowledge of auditing standards (e.g., Government Auditing Standards published by the U.S. Government Accountability Office (GAO) “Yellow Book”, International Standards for the Professional Practice of Internal Auditing published by The Institute of Internal Auditors “Red Book”).
• CISSP, CISA, PMP, or CEH certifications or other relevant certifications.
• Technical expertise in evaluating cybersecurity operations and information technology compliance assessments.
• Experience performing independent validation testing including configuration assessments, vulnerability scanning, penetration testing; and making recommendations for system hardening and security.
• Experience with NIST Cybersecurity Framework, including risk management, gap analysis, and other assessment of controls in a government setting or organization.
• Experience making evidenced-based conclusions and recommendations for consideration to C-suite/Board/Senior Management levels.
• Familiarity with Florida cybersecurity standards under Rule 60GG-2, F.A.C is desired.