Back to search
Summary Role Desc:
Experienced risk management and internal controls (RMIC) professional with deep experience implementing OMB Circular A-123, GAO Green Book/FAM, and DoD internal control guidance, leveraging eGRC/ServiceNow to produce audit-ready process and control documentation and deliver executive-level briefings. Skilled in driving DAF-wide RMIC progress through organizational change management and cross-stakeholder coordination, while consuming and consolidating large datasets to support enterprise reporting and third-party/IT control monitoring.
Technical Skills:
- Internal control framework execution: design and perform A-123/GAO Green Book/FAM/DoD PCN-aligned control work, including process/control documentation and audit-ready deliverables.
- Walkthroughs & gap assessment: plan, conduct, and document walkthroughs; perform Process Control Matrix (PCM) analysis to identify and document control gaps and remediation needs.
- Stakeholder quality & change enablement: provide technical review/standardization feedback across DAF-wide stakeholders; apply change management practices and strong technical writing to mature RMIC artifacts (policies, SOPs, agreements).
Communication & Interpersonal Skills:
Executive communication:
- Develop and deliver senior-leader briefings on walkthrough results, findings, recommendations, and RMIC status.
- Cross-stakeholder facilitation: lead discussions and align requirements across functional/financial teams and DAF-wide/external stakeholders (e.g., IPA, service auditors, AUs, system owners, service providers)
Technical writing:
Produce clear, concise, audit-ready documentation (e.g., process control matrices (PCMs)) with strong attention to detail and accuracy.
Expertise with Regulations and Guidance:
- Office of Management and Budget (OMB) Circular No. A-123: Management’s Responsibility for Enterprise Risk Management and Internal Control
- Government Accountability Office (GAO) Green Book (GAO-14-704G): Standards for Internal Control in the Federal Government
- Department of Defense Instruction (DoDI) 5010.40: DoD Enterprise Risk Management and Risk Management and Internal Control (RMIC) Program
Additional desired skillsets (nice to haves but not necessarily required):
- Expertise with Regulations and Guidance:
- GAO Framework for Managing Fraud Risks (GAO-15-593SP)
- GAO Financial Audit Manual (FAM) (GAO-22-105895): Vol. 1 (Jun 2024) and Vol. 2 (Jun 2025)
Technical Skills:
- ServiceNow eGRC / Integrated Risk Management (IRM) administration and workflow integration (test & production), including centralized internal controls repository management.
- Data analytics & reporting: consolidate large, siloed RMIC datasets into enterprise-level reports, executive summaries, visualizations, and annual Statement of Assurance (SoA) deliverables.
- Third-party/IT controls oversight: assess service-provider controls (including SSAE 18), evaluate materiality, and monitor Complementary User Entity Controls (CUECs) impacting financial reporting.
Required qualifications outside of the normal LCAT requirements (required):
- Active DOD Secret clearance
- Bachelor's degree
- Minimum 4 years of relevant experience
Learn more about this Employer on their Career Site
