IT Audit Manager

About The Position

Requirements

• Bachelor's degree and 3 years of relevant experience required or equivalent combination of education and experience
• Knowledge of network architecture, servers, databases, and cloud environments required
• Knowledge of data management practices, including data governance, protection, and privacy relevant to regulations such as HIPAA and GDPR required
• Knowledge of standards and best practices for cybersecurity protocols, including firewalls, intrusion detection, and encryption techniques required
• Knowledge of IT governance / control frameworks and standards (e.g., COBIT, HITRUST, NIST, ISO) required
• Proven experience in IT auditing or risk management, with a focus on assessing IT controls and cybersecurity required
• Proven experience in performing audits of IT systems, applications, and data security practices required
• Familiarity with Systems Development Life Cycle (SDLC) required
• Understands internal controls, business processes, auditing procedures and risk assessments required
• Proficient in PC functionality and Microsoft Excel, Word and PowerPoint required
• Ability to manage appropriate steps to get projects completed; has strong abilities to organize people and processes required
• Ability to present ideas effectively and persuasively and convey concepts in a wide-variety of forums (Speaking to large groups, one-on-one, etc.) required
• Ability to understand the “big” picture; champions University’s mission to those in all levels of the organization; sets short and long term goals to align business with University vision required
• Ability to write thoughts and concepts in a clear and organized manner; effectively manages formal and informal communication required
• Ability to understand how organizations operate required
• Ability to manage effectively in a highly political environment required
• Strong interpersonal skills required. Ability to effectively communicate and relate to all levels within and outside the organization required
• Able to use logic to solve challenging problems required
• Able to resolve problems in a fair manner and gain the respect and trust of others involved in the negotiations required.
• Able to make timely or planned decisions appropriate to the circumstances or situation required
• Continuous energy to see projects through to completion, especially when faced with difficult obstacles required.
• Ability to learn new technical skills and information adeptly required
• Ability to perform at a high level due to strong functional knowledge required
• Knowledge of electronic work papers required

Nice To Haves

• Systems implementation experience preferred.
• Experience in the health care and/or higher education environment preferred.
• CIA, CISA, CISM, CISSP, CRISC, CGEIT, CPA, and/or MBA upon hire preferred.

Responsibilities

• Develops, directs, plans and evaluates internal audit programs for the organization's information systems and related procedures to ensure compliance with the organization's policies, procedures and standards.
• Audits information systems applications to ensure that appropriate controls exist and that information produced by the system is accurate.
• Advises others on information systems, internal controls and security procedures.
• Prepares reports and recommendations for management on the results of information systems audits.
• Conducts annual audits and risk assessments of the University's related to a wide array of information systems areas.
• Evaluates the University's compliance with the standard requirements and assessment procedures.
• Completes the applicable report for the assessment and attestation of compliance, obtains any required signatures, and submits annually to the University's acquiring bank.
• Plans and leads meetings with clients to discuss the goals and objectives of the audit, with a focus on business processes and internal controls.
• Develops audit procedures geared toward helping business units achieve objectives and identifies areas of exposure that may prevent objectives from being met while allowing for a broad range of coverage to maximize impact.
• Promotes the ability to provide advisory services through continuous communication with management.
• Executes internal control risk assessments and develops customized audit strategies for the client under audit.
• Creates a plan for the scope, timing, and resources needed to complete assigned audit projects and presents to leadership.
• Obtains, analyzes, and appraises evidentiary data as a basis for an informed, objective opinion on the overall efficiency and effectiveness of management's internal controls, business processes, and ability to meet goals and objectives.
• Prepares formal reports expressing opinions on the adequacy and effectiveness of activities performed.
• Makes presentations to leadership prior to and at the conclusion of audits, addressing deficiencies and explaining recommended effective actions.
• Uses technology to support audit projects.
• Identifies, clarifies, and researches problems to find the best solutions.
• Performs independent analysis and reasoning with attention to detail, while challenging the culture and status quo to generate new ideas.
• Other duties as assigned.