Specifications include, but are not limited to: The IT Auditor will conduct audits using a risk-based approach, guided by industry best practices and standards such as COBIT or NIST. This approach will involve a combination of interviews, document reviews, testing, and vulnerability assessments. Areas to be assessed encompass, but are not limited to: ■ Information Technology Infrastructure: Evaluation of the IT infrastructure, including hardware, software, applications, and network systems, to identify strengths, weaknesses, challenges, and potential risks. ■ Data Security and Privacy: Examination of data security measures, including access controls, encryption, and data protection protocols, to ensure compliance with industry standards and regulations. ■ Cybersecurity Practices: Assessment of cybersecurity practices and measures to detect and respond to cyber threats and vulnerabilities effectively. ■ Compliance with IT Standards: Ensuring compliance with generally accepted IT principles and industry best practices, as well as alignment with FCPS policies and procedures.
