Rutgers, The State University New Jersey is seeking a Senior IT Auditor for Audit and Advisory Services. Reporting to the Audit and Advisory Services Managers, and to the Director of Audit and Advisory Services, the Senior IT Auditor position exists to provide professional, independent, and objective assurance and consulting services. The Senior IT Auditor designs these services to add value and improve operations in units with an emphasis on IT operations that are centralized in the Office of Information Technology (OIT), distributed across the university (departments, schools, centers, etc.), and provided by third-parties (cloud services). This position also assists OIT and units accomplish their mission and objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes, primarily as they relate to IT.
Among the key duties of this position are the following:
Manages audit and advisory services, delivering professional services to assist management accomplish goals and objections
Consults with university managers regarding risk management, control, and governance processes
Monitors client's progress on corrective actions
Partners with university leaders/management on committees and task forces
Teaches internal control concepts and applications
Supervises and mentors student interns
Supports Audit and Advisory Services department operations
Maintains quality and proficient services
Minimum Education and Experience:
Bachelor's Degree in Computer Science, or Business related discipline (i.e. Accounting, Business/Public Administration, and Finance).
A minimum of five (5) years audit experience is required, including at least four (4) years of IT audit experience
Acquired advanced knowledge of computer hardware and software is also required
Required Knowledge, Skills, and Abilities:
The Senior IT Auditor must:
understand the components of sound IT risk management, control, and governance processes.
possess advanced knowledge of computer systems and cybersecurity, and IS auditing principles
know and abide by the Institute of Internal Auditors' Professional Practice Standards, and apply ISACA's good- practice framework for IT management and governance (COBIT) in their day-to-day work.
demonstrate a wide knowledge of IT auditing techniques.
keep abreast of breaking developments in IT and auditing literature, as well as performing research through the auditor's network of resources, for issues specifically addressing the university, especially emerging computing risks and vulnerabilities.
understand management and control model principles.
be aware of and understand the policies, rules, regulations, laws, and statutes pertaining to their engagement.
The Senior IT Auditor must:
be analytical and observant.
interpret trends, relationships, and problems from financial, statistical, and computer log data.
assess departmental operations from a procedural level, (where a system administrator may not follow a task) to a university policy level, where recommendations might be made to the Boards regarding new legislation affecting university IT governance.
be able to apply advanced cybersecurity and auditing principles in all their engagements with university clients.
choose the appropriate audit technique for use depending on the circumstances of their assignment.
be alert to conditions in systems, which demonstrate control strengths, disguise weaknesses, and present opportunities for fraud.
be able to apply project management principles to work assignments.
exhibit supervisory and teaching skills when working with student interns
have advanced writing skills to write audit reports, letters, workpapers and other service communications.
be able to help audit staff design and apply appropriate computer assisted auditing techniques.
The Senior IT Auditor is expected to:
capture business and IT processes, information and communication flows, internal control systems, and IT systems of varying complexities for analysis and evaluation. They then must apply audit procedures appropriate to the circumstances. This work often involves reading, interpreting, and/or gaining an understanding of vast amounts of documentation, including, but not limited to: federal, state, and local statutes, administrative codes, federal and state agency mandates, contracts with external organizations, university and departmental policies and procedures, and cybersecurity and IT systems documentation.
be an excellent listener so that engagements serve clients' needs, while achieving the objectives of Audit and Advisory Services and the university.
express himself/herself clearly and professionally in all communications. Interpersonal skills are essential as this Senior meets and communicates with every level of the University community.
value frequent communications with Audit and Advisory Services management, subordinates, as well as clients.
possess advanced personal computer abilities so theycan, or help others to, prepare reports, record project timekeeping, create spreadsheets and PowerPoint presentations, flowchart control systems, and utilize various analysis software. He/she should also be able to research the web.
have the self-discipline to progress on concurrent work assignments and tasks.
maintain confidentiality on all assignments and occasionally work under stressful conditions (i.e. investigations, politically charged issue).
make independent, professional, and supportable judgments on every assignment. Although a high -level of independence is given to this position, the incumbent must be flexible to take direction from Audit and Advisory Services management.
facilitate complex discussions on control matters.
demonstrate project management skills through completing audit assignments on, or close to, budget hours.
Additional professional certifications such as a Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Management (CISM), Certified Database Privacy Security Engineer (CDPSE), Certified in Risk and Information Systems Control (CRISC)
An advanced degree such as a Master of Business Administration (MBA) or Master of Computer Science (MCS)
Certified Internal Auditor (CIA) or other certifications as a Certified Public Accountant (CPA), or as a Certified Fraud Examiner (CFE) are beneficial.
Rutgers, The State University of New Jersey, is a leading national public research university and the state's preeminent, comprehensive public institution of higher education. Rutgers is dedicated to teaching that meets the highest standards of excellence; to conducting research that breaks new ground; and to turning knowledge into solutions for local, national, and global communities. As it was at our founding in 1766, the heart of our mission is preparing students to become productive members of society and good citizens of the world. Rutgers teaches across the full educational spectrum: preschool to precollege; undergraduate to graduate and postdoctoral; and continuing education for professional and personal advancement. Rutgers is New Jersey's land-grant institution and one of the nation's foremost research universities, and as such, we educate, make discoveries, serve as an engine of economic growth, and generate ideas for improving people's lives.