Principal, IT Audit & Controls

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges-and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do.

The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day-working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership.

If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.

We are seeking an IT Audit & Controls, Principal to lead and execute comprehensive information technology and cybersecurity audits and risk assessments within a complex federal environment. This role serves as a trusted advisor to the Director of Internal Audit, Senior Leadership, and the Audit Committee. This role will act as an individual contributor overseeing the outsourced Internal Audit function while performing targeted in-house IT audit and compliance activities.

Roles & Responsibilities :

* Government compliance:
Ensure audits are in alignment to DFARS, NIST 800-171, FedRAMP, CMMC, or Agency Specific requirements to ensure contract integrity and regulatory adherence.

* Risk assessment:
Conduct ongoing enterprise-wide risk assessments to identify high-risk areas across IT.

* Controls management:
Assess the effectiveness of security controls (technical, physical, and administrative) and make recommendations for improvement.

* Audit execution:
Lead and manage cybersecurity internal audits across federal programs, including planning, fieldwork, reporting, and follow-up.

* Reporting:
Prepare and deliver clear, concise, and timely IT audit reports and compliance updates to management, the C-suite, and the Audit Committee.

* Collaboration:

Partner with IT, Security Operations, Risk Management, and Compliance teams to align IT audit plan and findings with agency missions and priorities of the company and audit committee.

* Continuous improvement:
Work with management to design and implement effective remediation plans, fostering a culture of accountability and operational excellence.

Basic Qualifications:

* Typically requires a minimum of 10 years of related experience with a Bachelor's degree; or 8 years and a Master's degree; or a PhD with 5 years' experience; or equivalent combination of related education and work experience.

* 6+ years of IT/Cybersecurity audit experience, with at least 2 years in a federal contracting or government agency environment.

* Direct experience supporting CMMC readiness assessments or other federal cybersecurity compliance initiatives.

* Strong knowledge of ITGCs, ICOFR, and audit/control frameworks (COSO, COBIT, NIST, ISO).

* Proven ability to present to and build trust with Audit Committees, C-suite executives, and IT leadership (CISO, CIO, etc).

* Experience managing outsourced providers and coordinating with external auditors.

* This position requires a minimum of 4 days a week on-site.

Preferred Qualifications:

* Bachelor's degree in Information Systems, Cybersecurity, or Computer Science (Master's a Plus)

* Professional certifications: CISA, CPA, CIA, CISSP, or CISM.

* 8+ years of IT/Cybersecurity audit experience, with at least 6 years in a federal contracting or government agency environment.

* Strong communication, relationship-building, and executive presence.

This requisition requires the candidate to have a minimum of the following clearance(s):

None

This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):

None

Salary compensation range and midpoint:

$138,000 - $172,500 - $207,000 Annual

Work Location Type:

Onsite

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.

MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE's employment process, please email recruiting help for general support and college recruiting for intern…