Senior IT Auditor
About the Opportunity
Northeastern University's Audit & Advisory Services is seeking a motivated and talented individual to join our team as a Senior IT Auditor. This is an exciting opportunity to join our team of skilled professionals that work collaboratively throughout the University as a trusted partner. The team consistently delivers high-quality results in a challenging and fast-paced environment.
Working in a strong and established team and reporting to the IT Audit Manager, the Senior IT Auditor will participate in all phases of assigned audits, from planning to reporting. They will skillfully conduct and successfully execute a range of challenging audit work including executing audits from the annual audit plan, advisory projects, leading audit client engagements, owning data analytics (e.g. Power BI, Tableau, etc.), and developing a robust IT audit program. The Senior IT Auditor will be familiar with new areas of focus for technology audits: robotic process automation, machine learning and artificial intelligence, while continuous monitoring/auditing continues to evolve.
The ideal candidate will learn the business from the inside and gain broad exposure to a variety of IT systems and professionals working in software development, information and network security, change management, access control, IT infrastructure, server virtualization, cloud computing and other key areas of this growing department. You will have the opportunity to help facilitate positive change by examining business processes and recommending areas for improvement within the University. Your experience will not be limited to auditing IT systems. Our cross-functional approach enables collaboration between IT, Financial, and Operational audits while leveraging our department’s guiding principles. There will be significant exposure to senior management throughout the organization.
As a trusted partner and integral team member, the Senior IT Auditor:
- Maintains the highest level of professional and ethical standards as expressed in Audit & Advisory Services’ Audit Charter and the IIA’s International Professional Practice Framework (IPPF).
- Builds effective relationships with all levels of stakeholders across our campuses
- Provides value-added professional audit work, individually or as a collaborative team member, in conducting reviews of assigned organizational activities in accordance with the IIA and department standards.
- Plans and executes information technology (IT) audit projects designed to provide assessment of internal control processes and operational performance.
- Demonstrates and applies a thorough understanding of complex information systems.
- Prepares detailed plans for performing individual audits including the identification of key risks and controls, determination of audit objectives, and development of an appropriate audit program. Uses knowledge of the current IT environment and industry IT trends to identify potential issues and risks.
- Under minimal supervision, develops clear and concise audit work papers to support findings and recommendations, and writes clear and concise reports for management.
- Identifies potential audit areas, assists with assessing the degree of inherent risk, and estimating the time and skills required to complete audit projects. Contribute to the development of the IT audit plan based upon risk assessment, management’s goals and objectives, and the requirements of the Audit & Risk Committee.
- Performs or assists in performing special projects or studies, including risk assessments, fraud investigations, audit department policy updates, due diligence acquisition reviews.
- Participates in reviews of internal controls and security of systems under development as well as major IT projects and initiatives.
- Execute the IT audit plan including reviews of system development, program changes, operating systems, databases, applications software, data security, computer operations, network security, business continuity, and disaster recovery.
- Develop and incorporate security vulnerability assessments during audit reviews.
- During the course of an audit, identify audit objectives, develop audit programs, perform audit testing, and manage audit workpapers in accordance with professional standards for the practice of internal auditing.
- Facilitate the communication of audit results through written reports and oral presentation to management.
- Perform pre- and post-implementation reviews for new or modified application systems to assess data integrity and security controls.
- Develop and maintain relationships with Information Technology Services management.
Non-IT Audit, Consulting and Special Projects
- Perform integrated and operational audits as necessary to carry out the annual audit plan.
- Under the supervision of audit management, perform consulting engagements and investigations as assigned. Contribute to University wide initiatives as necessary.
Automation of Data Analysis Procedures
- Ownership of data analytics procedures using Microsoft Excel, PowerBI and other tools (e.g. Tableau) for automating and performing routine operational and financial audit tasks. Seek ways increase use of data analytics and robotics process automation.
- Seek ways to develop self professionally through attendance at seminars, in-house training sessions, professional exams/certification, and self-study in order to remain informed of current developments in IT auditing, maintain technical competence and proficiency from the standpoint of evaluating University operations and controls.
- Attend training and carry forward information gathered into executing the audit plan.
Candidate for this position should possess:
- Minimum of three years’ experience in public accounting, internal auditing, or compliance
- Bachelor’s Degree in Management Information Systems, Information Security/Assurance, Computer Science, or a related discipline. Master’s degree is a plus.
- Certification as CIA, CISA, CISSP, CISM preferred or working towards;
- Knowledge of Experience with security and technology frameworks (e.g. NIST).
- Knowledge of Institute of Internal Auditor Standards and Guidance, and awareness of ISACA
- Experience with data analytics and tools such as Tableau, Cognos, or Power BI
- Demonstrated ability to work independently and as part of a project team
- Ability to handle confidential information with professionalism and understanding of ethical responsibilities
- Excellent interpersonal, written, and verbal communication skills with ability to lead, interact with, influence, resolve conflict and drive decisions / accountability among individuals from a variety of cultures and disciplines
Position TypeLegal and Regulatory Administration
Northeastern University considers factors such as candidate work experience, education and skills when extending an offer.
Northeastern has a comprehensive benefits package for benefit eligible employees. This includes medical, vision, dental, paid time off, tuition assistance, wellness & life, retirement- as well as commuting & transportation. Visit https://hr.northeastern.edu/benefits/ for more information.
Northeastern University is an equal opportunity employer, seeking to recruit and support a broadly diverse community of faculty and staff. Northeastern values and celebrates diversity in all its forms and strives to foster an inclusive culture built on respect that affirms inter-group relations and builds cohesion.
All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, religion, color, national origin, age, sex, sexual orientation, disability status, or any other characteristic protected by applicable law.
To learn more about Northeastern University’s commitment and support of diversity and inclusion, please see www.northeastern.edu/diversity.