Jefferson County Public Schools (JCPS) is seeking a qualified co-sourcing partner(s) to supplement the Internal Audit Department. This partnership is intended to enhance the capacity and expertise of the internal audit function, ensuring comprehensive coverage of high-risk areas and effective execution of IT audit engagements. A. IT Governance and Risk Management • Evaluate the District’s IT governance framework, including policies, procedures, and alignment with best practices (e.g., NIST, ISO 27001, CIS, COBIT). • Assess IT risk management practices, including risk identification, mitigation, and monitoring. • Review the role of IT leadership in strategic decision-making and alignment with organizational goals. B. Cybersecurity and Data Protection • Conduct cybersecurity risk assessments, including network security, endpoint security, cloud security, and identity and access management (IAM). • Assess security controls related to personally identifiable information (PII) and sensitive student/employee data. • Evaluate incident response plans, disaster recovery strategies, and business continuity plans. • Perform penetration testing and vulnerability assessments, where applicable. • Perform gap analysis to facilitate BC/DR planning. C. Compliance and Regulatory Reviews • Assess compliance with FERPA, HIPAA (if applicable), and other relevant state and federal regulations. • Review data privacy policies and security measures to protect student and staff information. • Identify gaps in compliance and provide recommendations for remediation.
