IT General Controls and Cybersecurity Audit Service

The Chicago-based government authority is seeking a vendor to provide IT general controls and cybersecurity audit services. The agency needs independent internal audit assurance to verify that key IT general controls and cybersecurity governance, risk management, and resilience practices are designed appropriately and operating effectively. This initiative aims to improve leadership visibility of cybersecurity risk, reduce operational disruptions from IT changes, and assess the agency's preparedness to detect, respond to, and recover from cybersecurity incidents. The scope of work requires the selected vendor to perform risk-based audit planning aligned with strategic, operational, and technology objectives. The vendor must assess logical access controls, evaluate IT change and operational processes, and validate that IT and cybersecurity controls work in practice. Additionally, the project covers providing actionable insights for continuous improvement and enabling clear ownership, remediation tracking, and governance follow-up. Eligible bidders must be onshore organizations based entirely in the United States. The agency requires all performance of the work to be conducted offsite. Bidders must submit their proposals digitally via email or through the designated online portal. The agency is currently looking for proposals to determine the budget for this engagement. The procurement schedule includes a pre-bid meeting on June 23, 2026. Bidders must submit all questions regarding this opportunity no later than June 26, 2026.