Senior IT Auditor

About The Position

Requirements

• Bachelor's degree
• Minimum of five years of audit experience, to include at least three years of IT audit experience or technical equivalent experience.
• Professional certification such as CISA, CISSP, or CISM.

Nice To Haves

• Ability to independently design and perform IT audits and new systems implementation reviews of information systems in a multi-platform computing environment.
• Strong understanding of IT internal controls.
• Outstanding analytical, interpersonal and written communication skills.
• Ability to communicate effectively with individuals at all organizational levels.

Responsibilities

• Independently performs information security and IT operations audits and/or advisory services across a broad range of systems and technologies including but not limited to: information security, vulnerability management, application controls, network infrastructure, databases, operating systems, IT general controls, pre and post system implementation, development operations, cloud software and platforms, disaster recovery, and incident response.
• Prepare IT audit plan for each audit assignment that ensures effective audit coverage based on an assessment of potential risks and exposures.
• Design detailed audit work programs (in many cases customized for the environment), conduct interviews, document and analyze processes/compliance with applicable federal/state laws and University policies, and apply critical thinking to evaluate risks and controls and assess the results of audit testing.
• Consistently document relevant facts and information to support the work performed and conclusions drawn so other reviewers can follow the auditor's logic and methodology.
• Develop audit findings, determine root causes, and develop relevant and achievable recommendations based on leading practice, the risk profile of the client and the UW.
• Effectively communicate audit results, both verbally and in writing, so they are persuasive, placed in the appropriate context, and understood by the recipient. Prepare professional audit reports summarizing findings, recommendations, and management responses.
• Perform follow-up reviews to ensure that recommendations are implemented to appropriately address risks identified.
• Conduct audits in accordance with professional and departmental standards. Complete work on time and within budget with limited instructions, yet know when to seek guidance from supervising manager when circumstances warrant. May work on audits independently as part of a team project.
• Partner with other auditors to provide guidance and assistance in using computerized audit techniques to extract and analyze data from complex computer systems or in performing evaluations of IT controls.
• Utilize appropriate tools to conduct computer forensics in support of audits or investigations.
• Consult with University departments on new system development processes to ensure that appropriate controls are included in the design of planned applications and systems.
• Critically apply insights and knowledge of IT and information security to enable clients to solve complex institutional problems while effectively managing risks.
• Serve on University committees as requested.
• Keep current on technical IT, security, accounting, auditing and government pronouncements.
• Participate in University wide risk assessments and Internal Audits quality and process improvement program as requested.
• Coordinate maintenance of server utilized by Internal Audit, including applying appropriate patches.
• Review, recommend, and install software upgrades related to electronic work paper software utilized by Internal Audit.
• Perform periodic tests of backup/recovery.
• Review and periodically update security plan and department IT policies and procedures.

Benefits

• Outstanding benefits
• Professional growth opportunities
• Unique resources in an environment noted for diversity, intellectual excitement, artistic pursuits, and natural beauty.