Pay Grade: 35S

Context of the Job:

The Office of Internal Audit & Compliance operates under a Charter approved by the Board of Trustees Audit Visiting Committee. The Department’s mission defined in the Charter is to provide independent, objective assurance and consulting services to improve the operations and internal controls of the University. In fulfilling this mission, Internal Audit & Compliance assists the University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of business risk management, control, and internal operating processes that support the University’s core missions of teaching, research, and service. The University is a complex diversified organization having a wide range of operations with unique internal control, compliance, and audit considerations.  

The Director is responsible for the systematic and objective verification, analysis and appraisal of the University’s information technology systems and controls. This position is expected to direct the IT audit program at the University. The Director will supervise staff members (or consultants) assigned to audit projects.  This position also contributes to the Audit Visiting Committee package and presents IT audit matters to executive leadership and the Audit Visiting Committee as needed.

This position represents Internal Audit on IT audit issues in the absence of the Assistant Vice President, coordinates IT audit testing with external auditors, undertakes special projects at the request of senior management, and assists in the administration of the Internal Auditing Department as requested.

This position regularly communicates with University faculty and administrators at all levels and external auditors on matters relating to internal controls, compliance, and audit findings and recommendations. Duties of the position require independent execution and decision making based on the International Standards for the Professional Practice of Internal Auditing, professional certification, experience, applicable laws and regulations and University policy. 

Major Responsibilities:

• Develops and completes IT Risk Assessments and Audit Programs for the identification, analysis, and evaluation of information technology risks and controls.
• Leads and conducts audits of controls over systems development, change management, logical access, security policy implementation, device and server configuration, cloud and vendor management, computer operations, and data recovery.
• Manages and performs independent audit fieldwork within budget and in accordance with the International Standards for the Professional Practice of Internal Auditing and Internal Audit Department standards.
• Shares expert IT knowledge and guidance with other audit team members.
• Utilizes data analytics to enhance risk identification and quantification, and to provide valuable business intelligence to management.
• Contributes to the overall effectiveness and value of the department by recommending and developing innovative approaches and solutions.
• Participates in performance of IT risk analyses, to contribute to the annual audit plan. Identifies emerging IT risks and research areas of exposure.
• Engages in management requested and/or consulting projects and provides advisory services to management on process redesign, major system initiatives, control framework, etc.
• Reviews HIPAA Security Rule and GLBA risk assessments performed by management.
• May conduct sensitive investigations of alleged financial improprieties, including fraud, reported through the University Financial Compliance Hotline and other sources. 
• Reviews findings and recommendations with University “clients” in a way that gains their acceptance of proposed changes and promotes professional rapport. Builds strong relationships with key stakeholders, senior leadership, and other key leaders. Serves as a trusted advisor.
• Develops and makes presentations to the University community concerning IT risks and controls.
• Independently communicates and presents to senior administrators and the Audit Visiting Committee on behalf of the Audit Department.
• Writes clear and actionable audit reports.
• Assists in preparing materials for Board of Trustees Audit Visiting Committee meetings.
• Follows-up on findings and recommendations to ensure appropriate corrective actions are taken.
• Supervises staff members assigned to audit projects and assists the Assistant Vice President in reviewing audit work papers.
• Develops and assists in implementing measures to enhance Internal Audit Department audit efficiency and office administration.
• Maintains current knowledge of new developments in the information technology and internal auditing fields as applicable to the University.
• Performs job-related duties as assigned.

 Qualifications:

• Bachelor’s degree in information systems, Computer Science, or related field and ten years relevant experience in IT auditing or related field, or equivalent combination of education and experience. Master's degree in a related field is preferred.
• Demonstrated experience with evolving, state-of-the-art information security technologies and approaches.
• Extensive working knowledge of and experience in the policy and regulatory environment of information security, especially in higher education is desirable.
• Supervisory and audit project management experience with proficiency in the following areas: information systems and technology; information security in computer network environments; cyber security; business continuity and disaster recovery.
• One or more relevant professional certifications (e.g., CISA, CISSP, CIA, CISM, CPA, CFE).
• Experience in the preparation and analysis of data through computer aided audit tools (e.g., ACL, Excel spreadsheets, or other database tools).
• Experience applying COSO, COBIT, ITIL, ISO, NIST, and other leading business and IT control and/or security frameworks.
• Experience with privacy and security standards including HIPAA, FERPA, GLBA and PCI.
• Knowledge of Higher Ed and experience performing operational audits in related areas would be a plus.   
• Effective oral and written communication skills, interpersonal skills and analytical/problem solving ability.
• Ability to make effective presentations to groups.
• Flexibility and the ability to change priorities quickly and capacity to handle multiple tasks.
• Ability to communicate and interact well with people of all ages and diverse backgrounds.
• Effective oral and written communication, analytical/problem solving and interpersonal skills.
• Project and people management skills to prioritize and lead multiple concurrent projects.
• Demonstrates an understanding and consideration of the differing needs and concerns of individuals with varying identities, cultures, and backgrounds.
• Committed to fostering a workplace culture of belonging, where diversity is celebrated, and equity is a core value.