Sr IT Auditor

As a community, the University of Rochester is defined by a deep commitment to Meliora - Ever Better. Embedded in that ideal are the values we share: equity, leadership, integrity, openness, respect, and accountability. Together, we will set the highest standards for how we treat each other to ensure our community is welcoming to all and is a place where all can thrive.

Job Location (Full Address):

Remote Work - New York, Albany, New York, United States of America, 12224

Opening:

Worker Subtype:

Regular

Time Type:

Full time

Scheduled Weekly Hours:

40

Department:

100034 University Audit

Work Shift:

UR - Day (United States of America)

Range:

UR URG 114

Compensation Range:

$86,482.00 - $129,723.00

Responsibilities:

GENERAL PURPOSE
Develops, directs, plans and evaluates internal audit programs for the organization's information systems and related procedures to ensure compliance with the organization's policies, procedures and standards. Audits information systems applications to ensure that appropriate controls exist and that information produced by the system is accurate. Advises others on information systems, internal controls and security procedures. Prepares reports and recommendations for management on the results of information systems audits.

ESSENTIAL FUNCTIONS

• Conducts annual audits and risk assessments of the University's related to a wide array of information systems areas.
• Evaluates the University's compliance with the standard requirements and assessment procedures.
• Completes the applicable report for the assessment and attestation of compliance, obtains any required signatures, and submits annually to the University's acquiring bank.
• Plans and leads meetings with clients to discuss the goals and objectives of the audit, with a focus on business processes and internal controls.
• Develops audit procedures geared toward helping business units achieve objectives and identifies areas of exposure that may prevent objectives from being met while allowing for a broad range of coverage to maximize impact. Promotes the ability to provide advisory services through continuous communication with management.
• Executes internal control risk assessments and develops customized audit strategies for the client under audit.
• Creates a plan for the scope, timing, and resources needed to complete assigned audit projects and presents to leadership. Obtains, analyzes, and appraises evidentiary data as a basis for an informed, objective opinion on the overall efficiency and effectiveness of management's internal controls, business processes, and ability to meet goals and objectives.
• Prepares formal reports expressing opinions on the adequacy and effectiveness of activities performed. Makes presentations to leadership prior to and at the conclusion of audits, addressing deficiencies and explaining recommended effective actions.
• Uses technology to support audit projects. Identifies, clarifies, and researches problems to find the best solutions. Performs independent analysis and reasoning with attention to detail, while challenging the culture and status quo to generate new ideas.

Other duties as assigned.

MINIMUM EDUCATION & EXPERIENCE

• Bachelor's degree and 3 years of relevant experience required or equivalent combination of education and experience

KNOWLEDGE, SKILLS AND ABILITIES

• Knowledge of network architecture, servers, databases, and cloud environments required
• Knowledge of data management practices, including data governance, protection, and privacy relevant to regulations such as HIPAA and GDPR required
• Knowledge of standards and best practices for cybersecurity protocols, including firewalls, intrusion detection, and encryption techniques required
• Knowledge of IT governance / control frameworks and standards (e.g., COBIT, HITRUST, NIST, ISO) required
• Proven experience in IT auditing or risk management, with a focus on assessing IT controls and cybersecurity required
• Proven experience in performing audits of IT systems, applications, and data security practices required
• Familiarity with Systems Development Life Cycle (SDLC) required
• Understands internal controls, business processes, auditing procedures and risk assessments required
• Proficient in PC functionality and Microsoft Excel, Word and PowerPoint required
• Ability to manage appropriate steps to get projects completed; has strong abilities to organize people and processes required
• Ability to present ideas effectively and persuasively and convey concepts in a wide-variety of forums (Speaking to large groups, one-on-one, etc.) required
• Ability to understand the “big” picture; champions University’s mission to those in all levels of the organization; sets short and long term goals to align business with University vision required
• Ability to write thoughts and concepts in a clear and organized manner; effectively manages formal and informal communication required
• Ability to understand how organizations operate required
• Ability to manage effectively in a highly political environment required
• Strong interpersonal skills required.
• Ability to effectively communicate and relate to all levels within and outside the organization required
• Able to use logic to solve challenging problems required
• Able to resolve problems in a fair manner and gain the respect and trust of others involved in the negotiations required.
• Able to make timely or planned decisions appropriate to the circumstances or situation required
• Continuous energy to see projects through to completion, especially when faced with difficult obstacles required.
• Ability to learn new technical skills and information adeptly required
• Ability to perform at a high level due to strong functional knowledge required
• Knowledge of electronic work papers required
• Systems implementation experience preferred.
• Experience in the health care and/or higher education environment preferred.

LICENSES AND CERTIFICATIONS

• CIA, CISA, CISM, CISSP, CRISC, CGEIT, CPA, and/or MBA upon hire preferred.

The University of Rochester is committed to fostering, cultivating, and preserving an inclusive and welcoming culture to advance the University’s Mission to Learn, Discover, Heal, Create – and Make the World Ever Better. In support of our values and those of our society, the University is committed to not discriminating on the basis of age, color, disability, ethnicity, gender identity or expression, genetic information, marital status, military/veteran status, national origin, race, religion, creed, sex, sexual orientation, citizenship status, or any other characteristic protected by federal, state, or local law (Protected Characteristics). This commitment extends to non-discrimination in the administration of our policies, admissions, employment, access, and recruitment of candidates, for all persons consistent with our values and based on applicable law.