VITA SCC - IT Security Auditor - Richmond, VA

We strive to attract and retain the brightest people and offer different job experiences with a full range of challenges and rewards.

We help companies realize and implement IT solutions strategically. Yakshna Solutions supports our client’s mission and goals by sharing our know-how, skills and knowledge. We strive to attract and retain the brightest people and offer different job experiences with a full range of challenges and rewards. We take pride in being an equal opportunity employer.

Working with Yakshna gives you the opportunity to develop your knowledge, skills, and abilities. Additionally, you can build a network of peers, mentors and advance your career! We offer exciting opportunities to work with leading industry experts, business consultants and IT specialists across large government and private sector companies. The people who work in Yakshna are as diverse as our services.

We recognize the crucial importance of each individual to our success and offer competitive compensation, comprehensive benefits and innovative training.

Opportunities here exist across many services and across many US states. Don’t forget to refer your friends to earn cash for qualified referrals! Based on your relevant profile and our current requirements, our recruitment team will contact you as soon as possible.

Jul 22 2025

Job Title

Job Description

768270 VITA SCC - IT Security Auditor 3

Yakshna Solutions, Inc ., (YSI)is a CMMI Level 3 assessed, ISO 9001, 20000:1, 27001 certified, woman-owned small business enterprises, headquartered in Herndon, Virginia, USA. YSI provides professional IT solutions and services to business corporations and government organizations. YSI is committed to serve its business communities as a leading IT vendor providing innovative, quality, and cost-effective IT business solutions and services.

We offer a competitive benefits package that includes the following: 401(k), health, dental, and vision insurance, Life insurance, short-term and long-term disability insurance, paid time off, training, and professional development assistance.

The Virginia State Commission Corporation (SCC) Health Benefit Exchange division is seeking an experienced IT Auditor to serve their Richmond office. This will require two days on site (Tuesday and Thursday).

The SCC’s Health Benefit Exchange division is seeking an experienced IT auditor to support our transition to a new security standard and strengthen our third-party risk management program. This role will help interpret and implement updated security requirements, conduct audits and assessments of both internal processes and external vendors and partners evaluating controls and recommending improvements.

Job Responsibilities:

• Assess current security controls and processes against new CMS, IRS, and SCC security standards.
• Identify gaps and recommend remediation steps to achieve and maintain compliance.
• Plan, lead, and execute development and updates to policies, procedures, and documentation to reflect requirements.
• Design, implement, and train on the process for assessing partners and vendors, ensuring alignment with security standards.
• Develop assessment tools, workflows, and scoring model to evaluate and measure the effectiveness and compliance of vendor and partner security controls.
• Evaluate the security posture of vendors and partners to ensure information security contractual, information sharing, and data sharing agreement requirements are met.
• Test the effectiveness of operational and management controls using interviews, document reviews, and observation.
• Analyze, assess, report, and present on audit findings, risk exposure, and recommendations.
• Support information security continuous monitoring and incident response programs.
• Perform related work as required.

Required skills and experience

• Audit and compliance/information security/information technology experience or combination thereof (8+ years required)
• Information Security control audit and assessment experience
• NIST 800-53 or other security framework
• Perform testing, analysis, reporting, and develop remediation plans for compliance with operational and management controls
• Develop and update policies, procedures, and documentation
• Healthcare, health insurance, or ACA
• Industry recognized certification – CISA, CIA, GSNA, CISSP, or equivalent

YSI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.