IT Internal Auditor
Description:
Schedule: Full-time
What You'll Do:
The position evaluates information technology processes and/or procedures to assess IT-related risks, evaluates design and/or effectiveness of IT controls, and determines compliance with IT industry standards and best practices to provide objective conclusions and recommendations. IT reviews can include but are not limited to the following: application/software development, database security, access controls, IT general controls (e.g., IT operations, physical access, IT change management), IT infrastructure, NIST cybersecurity, patch management, security and privacy controls, and cloud computing. The role requires the ability to work independently and as part of a team to perform quality work that adheres to the professional internal audit standards. Duties include but are not limited to:
Managing responsibilities and multiple concurrent projects with tight timelines.
Identifying and defining audit scope and objectives and developing criteria to effectively execute detailed audit work programs and procedures.
Exhibiting the highest level of objectivity in gathering, evaluating, and communicating information about the system or process being reviewed.
Conducting interviews and walkthroughs with agency subject matter experts.
Analyzing technical documents to determine relevant controls and performing testing to ensure controls are adequately in place.
Determining underlying causes of issues and developing recommendations to adequately address identified issues.
Preparing work papers, which includes clear and concise written observations.
Performing follow-up activities on prior audit issues reported and validating adequate agency remediation.
Documents business processes within process narratives or flowcharts, identifying risks and mitigating controls.
Develops risk and control matrices and test plans for key controls.
Provides guidance and training to new auditors.
Preferred Qualifications:
Ability to assist in non-IT reviews, such as business processes.
Prior experience conducting IT and cybersecurity-related audit OR auditing or IT auditing experience.
Certified Information Systems Auditor (CISA) or other relevant certification.
Knowledge and understanding of NIST 800-53 security controls.
Demonstrates verbal and written communication and strong partnering skills.
Experience in creating process documentation, developing audit plans, and performing audits required
Knowledge of MS Word, Excel, Visio and PowerPoint; Cloud Computing, TeamMate, Data Analytics experience a plus
What’s in it for you:
At the State of Ohio, we take care of the team that cares for Ohioans. We provide a variety of quality, competitive benefits to eligible full-time and part-time employees. For a list of all the State of Ohio Benefits, visit our Total Rewards website! Our benefits package includes:
Medical, Dental, Vision and Basic Life Insurance, Time Away From Work and Work/Life Balance, Employee Development Funds, Ohio Public Employees Retirement System, and Ohio Deferred Compensation.
3 yrs. exp. in IT audit, IT application development, IT security processes or IT project management.
-Or completion of undergraduate core program in computer science or related field; 12 mos. exp. in IT audit, IT application development, IT security processes or IT project management.
-Or equivalent of Minimum Class Qualifications For Employment noted above.
Job Skills: Auditing