Assistant Director - IT Audit

About the Opportunity

JOB SUMMARY

Reporting to the Director of Audit & Advisory Services, the Assistant Director - IT Audit is responsible for assessing, evaluating and making recommendations to management regarding the effectiveness of information technology (IT) risk management, governance, and internal controls inherent in the processes and activities of the University.

The Assistant Director will serve as a subject matter expert in evaluating IT risk, governance, and controls. The Assistant Director leads the IT audit program which has been established to evaluate the system and process controls to ensure the confidentiality, integrity, and availability of the university’s information assets and data. To meet the program’s objectives, the Assistant Director will examine the University’s IT infrastructure, systems, processes and technology-dependent operations.

The Assistant Director will lead high-impact audit projects and advisory engagements, and deliver strategic insights to University leadership. Our cross-functional approach to auditing involves close collaboration between IT and Operational audit areas. In this capacity, the Assistant Director will need to be familiar with the mission and strategy of the University and is expected to generate value-added recommendations that enhance the University's overall operations. The role requires strong leadership, project management, communication skills, and significant exposure to Senior Management throughout the organization.

The Assistant Director will participate in IT risk assessments, identify emerging IT risks, be familiar with complex systems and IT transformation projects, and maintain the IT audit universe which informs the development of the annual enterprise risk-based IT Audit Plan.

The Assistant Director is expected to:

• Perform and oversee professional audit work, individually and as a team leader, in conducting reviews of assigned organizational activities in accordance with both IIA and departmental standards.

• Plan and execute IT audit projects designed to provide an assessment of internal control processes and operational performance.

• Prepare detailed plans for performing individual audits including the identification of key IT risks and controls, determination of audit objectives, and development of an appropriate audit program. Use knowledge of the current environment and industry trends to identify potential issues and risks.

• Under minimal supervision, develop clear, concise, accurate, and complete audit work papers to support findings and recommendations, and write clear and concise reports for management.

• Conduct or assist in the performance of special projects or studies, including risk assessments, fraud investigations, audit department policy updates, and due diligence reviews.

• Participate in University-wide initiatives, bringing a risk and controls perspective to institutional planning, transformation, and technology strategy.

• Oversee engagements with external auditors, as needed, ensuring quality, consistency, and timeliness in deliverables.

• Assist the Director with resource planning and organizational strategy to meet department and University needs.

MINIMUM QUALIFICATIONS

• Knowledge and skills required for this position are normally acquired through a bachelor’s degree in Management Information Systems, Information Security/Assurance, Computer Science, or a related discipline plus at least five years or more in IT Auditing, IT Risk and Compliance, and\or Information Security. Master’s degree is a plus.

• Proficiency with data analytics using Excel, Tableau, Cognos, or PowerBI is preferred.

• Proficient with Microsoft Office applications including Word, Excel, Power Point, and Visio.

• Project management skills with demonstrated experience in meeting project timelines and deliverables and the ability to handle multiple project assignments simultaneously.

• Excellent written and verbal communication skills, effective report writing, and comfort presenting complex findings to both technical and non-technical audiences.

• Strong analytical and problem-solving skills.

• Proven ability to build relationships and influence across diverse group of stakeholders.

• Understanding of the Institute of Internal Auditor’s International Professional Practices Framework, COSO Framework, and/or other professional internal control guidance.

• Working knowledge of security and technology frameworks (e.g., NIST, COBIT).

• Certification as CISA, CITP, CISSP, CISM preferred, or working towards same.

• Demonstrated experience leading complex IT audits and advisory engagements in complex, decentralized, and matrixed organizations.

• High degree of professionalism, integrity, and accountability.

• Experience managing and mentoring audit teams.

KEY RESPONSIBILITIES & ACCOUNTABILITIES

1) IT Audits:

• As a team lead or individually, perform IT audits to provide an assessment of systems, processes and strategies for adherence with internal controls, and to determine that adequate policies and procedures exist to support operations.

• As a team lead or individually, identify audit objectives and scope for each review, develop audit programs, perform interviews and testwork, develop clear and concise audit work papers to support findings and recommendations, and write clear and concise reports to management.

• As a team lead or individually, manage and perform audits including, but not limited to, the following areas: General IT Controls, Data Security & Privacy, IT Compliance, IT Risk Assessments, IT Governance, and IT Operational Assessments.

• As a team lead or individually, conduct integrated audits which evaluate IT, operational, and financial controls. Work collaboratively with fellow members of the Audit & Advisory Services team.

• Perform pre-implementation reviews for new or modified application systems to assess application, data integrity and security controls. Demonstrate and apply a thorough understanding of complex information systems.

• Participate in ongoing IT risk assessment, identifying emerging IT risk, maintaining the IT audit universe. Continuously assess the evolving IT risk landscape and keep current the IT audit universe and risk assessment model to inform IT audit priorities and resource allocation.

• Audit work performed must adhere to the Institute of Internal Audit’s (IIA) Standards for the Professional Practice of Internal Auditing. Through the course of performing audits, identify process improvement opportunities, as needed, and work with Audit & Advisory Services management on ongoing quality assurance efforts.

• Develop and maintain relationships with Information Technology Services management.

2) Advisory and Special Projects:

• Lead or individually contribute to advisory projects, including pre-implementation system reviews, strategic technology initiatives, data governance programs, and resiliency/risk-response planning.

• Participate and contribute to University-wide initiatives.

• Perform advisory engagements, special reviews and confidential internal investigations, as assigned.

3) Supervisory, Professional Development and Lifelong Learning:

• Seek ways to continuously develop professionally through attendance at seminars, in-house training sessions, professional exams/certification, and self-study.

• Carry forward information gathered into executing the audit plan.

• Foster a culture of continuous improvement and learning within the department.

• Supervise and evaluate the work of staff on projects. Provide opportunities to cross-train staff on audit activities and methodologies.

• Assist the Director with assessing staff resources to ensure delivery of timely and high-quality audit projects, advisory support, and investigations.

Position Type

Additional Information

Northeastern University considers factors such as candidate work experience, education and skills when extending an offer.  

All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, religion, color, national origin, age, sex, sexual orientation, disability status, or any other characteristic protected by applicable law.

Compensation Grade/Pay Type:

Expected Hiring Range:

With the pay range(s) shown above, the starting salary will depend on several factors, which may include your education, experience, location, knowledge and expertise, and skills as well as a pay comparison to similarly-situated employees already in the role. Salary ranges are reviewed regularly and are subject to change.