Information Technology Auditor I/II

About The Position

Requirements

• Ability to maintain the security and integrity of the infrastructure per Governor Abbot Executive Order GA-48.
• Knowledge of Information Systems Audit Standards.
• Knowledge of Generally Accepted Government Auditing Standards.
• Knowledge of Global Internal Audit Standards.
• Knowledge of information technology principles, processes, and systems including information security and control practices.
• Knowledge of DFPS programs, functions and systems.
• Knowledge of generally accepted information technology audit and financial standards and practices.
• Knowledge of information technology security and control practices.
• Knowledge of information technology management practices.
• Skill in collecting and analyzing data.
• Skill in using analytical software tools.
• Skill in conducting and documenting interviews.
• Skill in identifying information controls and evaluating their design and effectiveness.
• Skill in data analysis methods, and other computer applications.
• Ability to communicate effectively orally and in writing.
• Ability to work cooperatively in a team environment.
• Ability to observe, understand, and document efficiency, accuracy, and compliance of information technology operations.
• Ability to apply audit standards through practical application.
• Knowledge of information technology security and control frameworks, including the NIST Risk Management Framework, Texas Cybersecurity Framework, and COBIT (Auditor II).
• Skill in collection, organization, and systematic analysis of data (Auditor II).
• Skill in designing test work to validate design and effectiveness of IT controls (Auditor II).
• Skill in documenting processes through flowcharts (Auditor II).
• Ability to communicate effectively in interviews and meetings (Auditor II).
• Ability to write concise and clear work papers and reports (Auditor II).
• Bachelor’s in business, technology or related field from an accredited college or university is required (Auditor I).
• Two years of full-time auditing, accounting, management information systems, quality assurance, process improvement, compliance or other related business experience (Auditor II).

Nice To Haves

• Certification as a Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Public Accountant (CPA), or Certified Internal Auditor (CIA) is preferred (Auditor I).
• Experience in auditing, accounting, management information systems, quality assurance, process improvement, compliance or other related business experience is preferred (Auditor I).
• Health and human services or Texas state government experience is preferred (Auditor II).

Responsibilities

• Performs entry-level or complex information systems auditing work.
• Conducts audits of information systems, platforms, and operating procedures.
• Assists with or prepares audit findings regarding the efficiency, accuracy, and security of financial and non-financial programs.
• Identifies and defines issues, develops criteria, reviews and analyzes evidence, and documents client processes and procedures.
• Participates in information technology (IT) audits and related projects, including developing IT risk assessments, scopes, objectives, and procedures.
• Performs IT audits of automated systems by analyzing evidence, mapping workflows, and documenting current IT processes and procedures.
• Reviews and analyzes technical documentation, system access logs, and process workflows to assess the adequacy and effectiveness of IT controls.
• Documents IT audit work as per applicable audit standards.
• Performs information technology security reviews and general information technology or application control reviews.
• Conducts IT security control reviews by evaluating agency practices related to user access, system configurations, data encryption, and cybersecurity protocols.
• Participates in application control reviews of core business systems by analyzing workflows, system settings, and change management processes.
• Performs data analytics and IT audit test work to provide assurance that controls are in place to mitigate IT risks.
• Examines information technology control elements to mitigate information technology risks regarding the confidentiality, integrity, and availability of business information.
• Reviews access control settings, password configurations, and user account management practices.
• Evaluates system backup procedures, disaster recovery documentation, and data retention processes.
• Analyzes and tests the confidentiality, integrity, and availability of data in key business applications.
• Provides recommendations on the use, integration, maintenance, and enhancement of an entity’s information technology systems.
• Assists in the preparation of reports and presentations detailing audit results.
• Provides actionable recommendations to optimize the use, integration, maintenance, and enhancement of information technology systems.
• Compiles relevant information and evidence to support IT audit results, conclusions, findings, and recommendations.
• Assists with the review and testing of IT operating processes and controls.
• Prepares diagrams from walkthroughs, interviews, and testing to identify IT systems and related controls.
• Participates in internal audit engagement fieldwork of core technology platforms and business-critical information systems.
• Prepares system and data diagrams to identify manual and systems process interactions and critical controls (Auditor II).
• Uses audit software tools to document current-state system architectures and data flows (Auditor II).
• Provides technical support for financial and performance audits (Auditor II).
• Collaborates with performance internal audit teams to identify and extract relevant data (Auditor II).
• Reviews system access and control assessments to support financial process audits (Auditor II).
• Plans and executes assigned information technology (IT) audits (Auditor II).
• Supports audit objectives by identifying and developing methodologies for testing general IT controls (Auditor II).
• Evaluates IT general controls such as access management, backup and recovery procedures, and change management processes (Auditor II).
• Critiques risk-based assessments of technology platforms and related control environments (Auditor II).
• Develops evidence-based recommendations for improving the use and integration of information systems (Auditor II).
• Evaluates the effectiveness of current system maintenance and support practices (Auditor II).
• Identifies recurring technology-related control deficiencies or integration challenges (Auditor II).
• Carries out on-site tasks during scheduled audits of core technology platforms (Auditor II).
• Participates in internal audit engagements involving business-critical information systems (Auditor II).
• Monitors IT internal controls, such as security configurations, automated process controls, and system monitoring tools (Auditor II).
• Performs related work as assigned.

Benefits

• 100% paid health insurance for employee, and 50% paid for eligible family members
• Retirement plans with lifetime monthly payments after five years of state service
• 401(k) and 457 plans
• Paid vacation, holidays, and sick leave
• Optional dental, vision, and life insurance
• Flexible spending accounts for health and dependent care
• Employee discounts on gym memberships, electronics, and entertainment
• Public Service Loan Forgiveness eligibility