Associate Director - IT Audit

About The Position

Requirements

• 7 or more years of experience in auditing, compliance, risk management, or IT security.
• Knowledge and skills required for this position are normally acquired through a bachelor’s degree in management information systems, Information Security/Assurance, Computer Science, or a related discipline plus professional work experience in IT Auditing, Compliance, and\or Information Security roles.
• Demonstrated experience leading complex IT audits and advisory engagements in complex, decentralized, and matrixed organizations.
• Project management skills with demonstrated experience in meeting project timelines and deliverables and the ability to handle multiple project assignments simultaneously.
• Excellent written and verbal communication skills, effective report writing, and comfort presenting complex findings to both technical and non-technical audiences.
• Proven ability to build relationships and influence across diverse group of stakeholders.
• Understanding of the Institute of Internal Auditor’s International Professional Practices Framework, COSO Framework, and/or other professional internal control guidance.
• Working knowledge of security and technology frameworks (e.g., NIST, COBIT).
• Proficient with Microsoft Office applications including Word, Excel, Power Point, and Visio.
• High degree of professionalism, integrity, and accountability.
• Experience managing and mentoring audit teams.
• Strong analytical and problem-solving skills.

Nice To Haves

• Master’s degree is a plus.
• Proficiency with data analytics using Excel, Tableau, Cognos, or PowerBI is preferred.
• Certification as CISA, CITP, CISSP, CISM preferred, or working towards same.

Responsibilities

• IT Audits: Lead the execution of the IT audit program and manage progress towards program completion.
• As a team lead or individually, perform IT audits to provide an assessment of systems, processes and strategies for adherence with internal controls, and to determine that adequate policies and procedures exist to support operations.
• As a team lead or individually, identify audit objectives and scope for each review, develop audit programs, perform interviews and testwork, develop clear and concise audit work papers to support findings and recommendations, and write clear and concise reports to management.
• As a team lead or individually, manage and perform audits including, but not limited to, the following areas: General IT Controls, Data Security & Privacy, IT Compliance, IT Risk Assessments, IT Governance, and IT Operational Assessments.
• As a team lead or individually, conduct integrated audits which evaluate IT, operational, and financial controls.
• Work collaboratively with fellow members of the Audit & Advisory Services team.
• Perform pre-implementation reviews for new or modified application systems to assess application, data integrity and security controls.
• Demonstrate and apply a thorough understanding of complex information systems.
• Participate in ongoing IT risk assessment, identifying emerging IT risk, maintaining the IT audit universe.
• Continuously assess the evolving IT risk landscape and keep current the IT audit universe and risk assessment model to inform IT audit priorities and resource allocation.
• Lead audits and assessments of emerging technologies including artificial intelligence, machine learning, robotic process automation, and the like.
• Audit work performed must adhere to the Institute of Internal Audit’s (IIA) Standards for the Professional Practice of Internal Auditing.
• Through the course of performing audits, identify process improvement opportunities, as needed, and work with Audit & Advisory Services management on ongoing quality assurance efforts.
• Develop and maintain relationships with Information Technology Services management.
• Advisory and Special Projects: Review system security, controls, and user adoption risks to provide risk-informed advisory support and guidance to IT leadership during the pre-implementation phases of major technology initiatives.
• Lead or individually contribute to advisory projects, including pre-implementation system reviews, strategic technology initiatives, data governance programs, and resiliency/risk-response planning.
• Participate and contribute to University-wide initiatives.
• Perform advisory engagements, special reviews and confidential internal investigations, as assigned.
• Supervisory, Professional Development and Lifelong Learning: Seek ways to continuously develop professionally through attendance at seminars, in-house training sessions, professional exams/certification, and self-study.
• Carry forward information gathered into executing the audit plan.
• Foster a culture of continuous improvement and learning within the department.
• Supervise and evaluate the work of staff on projects.
• Provide opportunities to cross-train staff on audit activities and methodologies.
• Manage and develop audit staff, build technical audit capabilities across the team, support professional development plans, and conduct performance evaluations.
• Assist the Director with assessing staff resources to ensure delivery of timely and high-quality audit projects, advisory support, and investigations.

Benefits

• Northeastern has a comprehensive benefits package for benefit eligible employees. This includes medical, vision, dental, paid time off, tuition assistance, wellness & life, retirement- as well as commuting & transportation.
• Visit https://hr.northeastern.edu/benefits/ for more information.