Third‑Party IT Audit & Due Diligence Consultant
Remote role
Engagement Type: Short‑term consulting / assessment
Engagement Overview
Seeking an experienced IT Audit / Enterprise Systems Consultant to perform an independent, third‑party IT assessment and due‑diligence review of its current technology environment.
The purpose of this engagement is to document the current state, assess operational, security, and scalability risks, and provide actionable recommendations to support the business’s manufacturing operations across multiple U.S. facilities.
This is a current‑state assessment engagement — not a remediation, implementation, or compliance audit.
Environment Snapshot
• Business Footprint: 10 U.S. manufacturing facilities
• Core Platforms & Technologies:
• Azure (hybrid cloud)
• Citrix
• Active Directory
• Cisco networking
• SQL Server, SSRS, SSIS
• Power BI
• Macola ERP
• Custom applications and API integrations (VB.NET, C#)
The environment includes legacy systems integrated with modern platforms, supporting real‑time financial, operational, and inventory visibility.
Scope of Responsibilities
The consultant will independently evaluate and document the following areas:
Infrastructure & Network Architecture
• Hybrid Azure / on‑prem infrastructure design
• Network topology across multiple manufacturing sites
• High availability, redundancy, and disaster recovery posture
• Server lifecycle, patching, and operational resilience
Application & ERP Landscape
• Macola ERP configuration, customizations, and integrations
• Custom application architecture (VB.NET / C#)
• API bridges between ERP, CRM, inventory, and reporting systems
• Application dependencies and modernization risk
Data, Reporting & Analytics
• SQL Server and ETL (SSIS) architecture
• Reporting reliability (SSRS, Power BI)
• Data flow, ownership, and controls
• Risks to real‑time visibility and decision support
Security & Identity (High‑Level)
• Active Directory and hybrid identity model
• Access controls, admin privilege separation
• Security governance and operational risk posture
• Cyber‑risk considerations relevant to insurance and executive reporting
• (Note: No penetration testing required)
IT Operations & Governance
• IT operating model and key‑person dependency
• Vendor landscape and licensing exposure
• Change, monitoring, and escalation practices
• Post‑acquisition system rationalization insights
Key Deliverables
• Current‑State IT Assessment Report
• Executive summary (non‑technical)
• Detailed findings by domain
• Risk‑ranked observations
• Architecture & System Diagrams
• Infrastructure and network
• Application and integration flows
• Data and reporting architecture
• Recommendations Roadmap
• Prioritized improvement opportunities
• Near‑term vs long‑term initiatives
• Practical, business‑aligned guidance
• Supporting Documentation
• Application and system inventory
• Vendor and licensing overview