IT/Operations Auditor - Internal Compliance

About The Position

Requirements

• Bachelor’s degree from an accredited four-year college or university in Information Systems, Computer Science, Cybersecurity, Accounting, or a related field (or equivalent experience).
• 1-2 years of experience in IT audit, IT risk management, cybersecurity, technology controls, or a related area in a complex organization (higher education or similarly decentralized environment preferred).
• Demonstrated knowledge of IT audit methodology, including planning/scoping, walkthroughs, control design and operating effectiveness testing, sampling, and evidence/workpaper standards.
• Knowledge of common technology control frameworks and standards (e.g., NIST , ISO 27001, COBIT , ITIL ) and the ability to apply them to assess control maturity and risk.
• Strong written and verbal communication skills, including the ability to translate technical issues into clear risk statements, recommendations, and executive-ready reporting.
• Ability to analyze logs, configurations, and data sets to support audit testing

Nice To Haves

• Operational audit experience is preferred; candidates without operational audit experience must be willing to learn and support operational audit engagements.

Responsibilities

• Perform IT audits and assessments under the direction of Internal Audit leadership, including scoping, risk assessment, process documentation, control evaluation (design and operating effectiveness), and maintaining well-supported workpapers.
• Test IT general controls and application controls (e.g., access, change management, operations, backup/recovery) and use data analytics where appropriate to identify anomalies and trends.
• Validate dashboards and report data by tracing key metrics to source systems, assessing data definitions and transformation logic, and documenting results to support audit conclusions and stakeholder reporting.
• Communicate findings to stakeholders, develop practical recommendations, and track management action plans, timelines, and evidence of completion through remediation and closeout.
• Summarize risks, findings, and recommendations; maintain issue tracking and provide periodic status reporting on open remediation items.
• As part of assigned audits, review third-party assurance (e.g., SOC reports) and vendor security documentation and evaluate whether contractual control requirements are defined and monitored; communicate gaps and recommendations to management for remediation.
• As part of assigned audits, evaluate the design and operating effectiveness of cybersecurity governance and key controls (e.g., access management, configuration/change control, incident response readiness, and logging/monitoring) and communicate observations and recommendations to management.
• As part of assigned audits, evaluate governance and controls over the use of Artificial Intelligence (AI)-enabled tools and processes (e.g., data protection, access controls, vendor oversight, and monitoring/quality controls) and communicate control gaps and recommendations to management.
• Assist the department in responsibly leveraging AI-enabled tools (e.g., automation, analytics, and document review) to improve efficiency and consistency across internal audit and compliance workflows, consistent with applicable policies and data protection requirements.
• Support non-IT internal audits and special projects as assigned (e.g., operational, compliance, or financial control reviews), including documentation, testing, and issue follow-up.
• Collaborate with internal stakeholders and external auditors as assigned; provide status updates, coordinate requests for evidence, and support follow-up testing to validate remediation.