IT Auditor

State of North Carolina•Raleigh, NC

3d•$81,504 - $101,881•Hybrid

About The Position

The Department of Revenue (DOR) is a governor’s cabinet-member agency charged with administration and enforcement of state tax laws. The DOR is headed by the Secretary of Revenue. This position is considered part of the Secretary’s Office. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The incumbent will report to headquarters located at 501 N. Wilmington St., Raleigh, NC 27604 a minimum of three days per week. The primary purpose of the Information Systems Internal Auditor is to assist the Chief Audit Executive: 1) Perform risk-based audits of the organization’s information technology environment, including, but not limited to, hardware, software, operational, development, testing, and production to ensure compliance with all applicable federal and state rules, laws, and regulations and organizational policies and procedures. Audits must adhere to the most current applicable departmental policies and procedures, Institute of Internal Auditing’s International Standards for the Professional Practice of Internal Auditing and other guidance as provided by the NC Office of Internal Audit. More specifically: Plan each audit, including, but not limited to: • Identifying and assessing audit risks. • Reviewing and/or developing audit program and workpaper templates. Perform fieldwork, including, but not limited to: • Conducting surveys and interviews. • Performing observations. • Documenting processes and procedures. • Developing methodologies to determine sample sizes for testing. • Conducting tests and interpreting results. • Gathering sufficient audit evidence to support conclusions; performing root cause analysis. • Performing account and data analysis. • Performing physical inventory counts and reconciliations. • Performing site visits / inspections of service centers, data centers, and third-party vendors. • Writing audit reports. • Performing follow-up testing to determine that management's remediation efforts to address audit findings were done properly, timely, and effectively. 2) Assist the internal audit team with data extraction, data analytics, use of computer-assisted auditing tools and techniques and other information systems and technology needs.

Requirements

Experience working within a Technology Risk domain role (i.e., Internal Audit, Information Security, Cybersecurity, Security Technologies, IT Governance, etc.).
Thorough knowledge and understanding of generally accepted information system audit standards, principles, and methodologies, such as, but not limited to, the COBIT 2019 IT Governance Framework and the NIST Cybersecurity Framework.
Bachelor’s degree in computer science, accounting, or a related IT degree from an appropriately accredited institution and four years of experience in data analytics auditing, or information systems, programming, or technology auditing; or Associate degree in computer science from an appropriately accredited institution and six years of experience in data analytics auditing, or information systems, programming, or technology auditing; or an equivalent combination of education and experience.

Nice To Haves

Certified as a CISA, CISSP, CISM or other comparable professional certification is considered a plus.
Proficiency in artificial intelligence, data analytics, and auditing software considered a plus.

Responsibilities

Perform risk-based audits of the organization’s information technology environment, including, but not limited to, hardware, software, operational, development, testing, and production to ensure compliance with all applicable federal and state rules, laws, and regulations and organizational policies and procedures.
Plan each audit, including identifying and assessing audit risks, and reviewing and/or developing audit program and workpaper templates.
Perform fieldwork, including conducting surveys and interviews, performing observations, documenting processes and procedures, developing methodologies to determine sample sizes for testing, conducting tests and interpreting results, gathering sufficient audit evidence to support conclusions, performing root cause analysis, performing account and data analysis, performing physical inventory counts and reconciliations, and performing site visits / inspections of service centers, data centers, and third-party vendors.
Write audit reports.
Perform follow-up testing to determine that management's remediation efforts to address audit findings were done properly, timely, and effectively.
Assist the internal audit team with data extraction, data analytics, use of computer-assisted auditing tools and techniques and other information systems and technology needs.

Benefits

health insurance options
standard and supplemental retirement plans
NCFlex program (numerous high-quality, low-cost benefits on a pre-tax basis)
The best funded pension plan/retirement system in the nation according to Moody’s Investor’s Service
Twelve paid holidays per year
Fourteen vacation days per year which increase as length of service increases and accumulates year-to-year
Twelve sick days/year which are cumulative indefinitely
Paid Parental Leave
Personal Observance Leave and Community Service Leave
Longevity pays lump sum payout yearly based on length of service
401K and 457 plans
Eligibility for the Public Service Loan Forgiveness Program