IT Auditor
Company: Credence
Location: Arlington
Posted on: February 16, 2026
|
|
|
Job Description:
Job Description Job Description Join a team where innovation
meets mission. Our AI, cloud, cyber, and modernization solutions
save agencies thousands of hours, safeguard national security, and
strengthen health and humanitarian missions worldwide. With 1,700
team members, 1,500 AI/data experts, and 100 prime contracts, we
deliver at scale and with purpose. We’ve been recognized as a Top
Workplace by the Washington Post for six straight years and named
to the Inc. 5000 Fastest Growing Private Companies 13 of the past
14 years. Credence is a welcoming home for those looking to grow
and contribute to positive change. We encourage all employees to
expand beyond their boundaries, dive into important world-changing
Federal challenges. Credence has an immediate for an IT Auditor
specializing in the General Fund Enterprise Business System
(GFEBS). GFEBS is the Army’s web-based enterprise resource planning
(ERP) system, based on SAP, which manages the vast majority of the
Army’s General Fund. The IT Auditor is responsible for evaluating
the design and operating effectiveness of Information Technology
General Controls (ITGCs) and application controls within the GFEBS
environment. This role ensures the integrity, availability, and
confidentiality of financial data to support the Army’s Audit
Readiness goals and compliance with the Federal Financial
Management Improvement Act (FFMIA). GFEBS is a financial
management, web-based, System Analysis and Software Development
(SAP) enterprise resource program (ERP). The General Fund
Enterprise Business System - Sensitive Activities (GFEBS-SA) is a
fully functional GFEBS application operating on SIPRNet with
additional security requirements to protect national security
information. It enables the final retirement of legacy core
financial systems, while integrating seamlessly with GFEBS to
provide secure, web-based, real-time data to the Army’s Sensitive
Activities. Fully fielded, GFEBS replaced or absorbed more than 80
legacy accounting and asset management systems. GFEBS has been
fully migrated to the Amazon Web Services (AWS) commercial cloud
and is operated through the Army Shared Service Center (ASSC) for
sustainment. GFEBS is fully fielded to Army and DoD organizations
around the world. The Product Office continues to develop and field
enhancements to the system to facilitate a clean audit and
strengthen overall system security. Responsibilities: Internal
Control Testing: Conduct rigorous testing of GFEBS controls,
specifically focusing on the "Big Three" of ERP auditing: User
Access Management: Provisioning, de-provisioning, and periodic
access reviews. Segregation of Duties (SoD): Identifying and
mitigating conflicting roles within SAP GRC (Governance, Risk, and
Compliance). Change Management: Ensuring system updates and
configuration changes follow the proper transport path without
unauthorized alterations. System Interface Auditing: Evaluate the
security and data integrity of automated interfaces between GFEBS
and peripheral systems (e.g., ATAAPS for payroll, SPS for
procurement). Audit Liaison & Support: Serve as a focal point for
external auditors (e.g., GAO, AAA, or Independent Public Accounting
firms). Prepare "Provided by Client" (PBC) samples and explain
complex system workflows. Risk Assessment: Identify vulnerabilities
in the GFEBS landscape, including SAP HANA database security and
cloud infrastructure hosting. Remediation Tracking: Monitor the
status of Notice of Findings and Recommendations (NFRs) and assist
functional owners in developing Corrective Action Plans (CAPs).
Requirements Bachelor’s degree in Information Systems, Accounting,
Cybersecurity, Computer Science, or a related discipline. Security
Clearance – Secret (with ability to obtain a TS) Experience: 3
years in IT Audit, with specific experience in SAP environments. 3
years of relevant experience supporting audits conducted by DoDIG,
GAO, Army Audit Agency, or external auditors. 3 years of relevant
experience in IT auditing. Cybersecurity, compliance, and risk
management experience a plus. Certifications: CISA (Certified
Information Systems Auditor) is highly preferred; CISSP or CIA is a
plus. Tools: Proficiency in SAP GRC, BI/BW reporting, and Data
Analytics tools (ACL, IDEA, or SQL). Technical Knowledge:
Familiarity with NIST SP 800-53 controls and the FISCAM (Federal
Information System Controls Audit Manual) framework. Familiarity
with Generally Accepted Government Auditing Standards (GAGAS)
Understanding of federal internal control frameworks such as OMB
A-123, FISCAM, NIST SP 800-53/800-37, and RMF. Specific GFEBS
Knowledge Areas To be successful in this role, the candidate should
understand the following GFEBS modules and how they impact
financial reporting: FI/CO: Financial Accounting and Controlling.
Spending Chain: Purchase Requisitions to Payments. Reimbursables:
Debt Management and Customer Orders. Property, Plant, & Equipment
(PP&E): Accountability of Army assets. Preferred Qualifications
Experience supporting Army organizations such as CIO/G-6,
ASA(FM&C), DFAS, or Army Materiel Command. Familiarity with
Army enterprise environments including ERP systems (e.g., GFEBS,
LMP, GCSS-Army). Proficiency in evaluating and implementing
cybersecurity controls and audit strategies across complex IT
environments. Working Conditions and Physical Requirements:
Majority of work currently remote, occasional travel to client
and/or customer/stakeholder location within the Washington DC Metro
area. Benefits Health Care Plan (Medical, Dental & Vision)
Retirement Plan (401k, IRA) Life Insurance (Basic, Voluntary &
AD&D) Paid Time Off (Vacation, Sick & Public Holidays) Family
Leave (Maternity, Paternity) Short Term & Long Term Disability
Training & Development Work From Home Wellness Resources
Keywords: Credence, Germantown , IT Auditor, IT / Software / Systems , Arlington, Maryland
