New York City Board Of Education Retirement System

Buyer seeks qualified and experienced IT audit firm to conduct a comprehensive Information Security Audit. The audit will assess security posture, identify vulnerabilities, and ensure compliance with regulatory standards across buyer's IT infrastructure, policies, and operations. Buyer manages approximately $9 billion in member assets and serves approximately 50,000 active members. The resulting audit report should detail vulnerabilities and provide specific recommendations for improvements.

• 4/28/2025 - RFQ Issued / Release Date
• 5/12/2025 - Deadline for written inquiries
• 5/23/2025 - Posting of Q&A document
• 6/13/2025 - Proposal Due Date
• 8/1/2025 - Anticipated project start

• Actively engaged in providing IT audit services
• Minimum five years experience in IT audit services
• Certified professionals such as CISA, CISM, or CRISC
• Freedom from conflicts of interest
• Three reference letters from previous engagements

• Evaluate IT governance framework and strategic alignment with business objectives
• Review information security policies, standards, and procedures
• Conduct vulnerability assessments and penetration testing
• Evaluate internal controls over key systems and applications
• Review data encryption, storage, and backup mechanisms
• Assess incident response plans and reporting protocols
• Review vendor risk management processes
• Evaluate compliance with relevant laws and regulations
• Present key findings to BERS' Audit Committee
• Provide practical remediation strategies for identified risks