IT Systems Auditor

• Broad knowledge of application of information systems risk and control practices.

• Knowledge of Microsoft Dynamics NAV is preferable.

• Standards for the Professional Information Systems Audit and Control as developed by ISACA.

• Standards for the Professional Practice of Internal Auditing and the Code of Ethics developed by the Institute of Internal Auditors.

• Knowledge of auditing concepts and principles.

• Working knowledge and experience with general computer controls including Change Management, Access and Security, and IT Operations.

• Applying IT and cybersecurity control frameworks, including NIST, PCI, and COBIT

• Knowledge of Internal Audit software preferred.

• Knowledge and fundamental understanding of the following types of audits: (a) financial statement audits, (b) internal or operational audits,

• Knowledge of federal, state, and local laws, regulations, and standards governing all aspects of the utilization of computer systems.

• Analytical skills, judgment, and decision-making ability.

• Ability to communicate effectively with technical and non-technical stakeholders

• Broad knowledge of application of information systems risk and control practices.

• Knowledge of Microsoft Dynamics NAV is preferable.

• Standards for the Professional Information Systems Audit and Control as developed by ISACA.

• Standards for the Professional Practice of Internal Auditing and the Code of Ethics developed by the Institute of Internal Auditors.

• Knowledge of auditing concepts and principles.

• Working knowledge and experience with general computer controls including Change Management, Access and Security, and IT Operations.

• Applying IT and cybersecurity control frameworks, including NIST, PCI, and COBIT

• Knowledge of Internal Audit software preferred.

• Knowledge and fundamental understanding of the following types of audits: (a) financial statement audits, (b) internal or operational audits,

• Knowledge of federal, state, and local laws, regulations, and standards governing all aspects of the utilization of computer systems.

• Analytical skills, judgment, and decision-making ability.

• Ability to communicate effectively with technical and non-technical stakeholders

• Perform general and application control reviews for simple to complex information systems of the Institute.

• Perform information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.

• Perform reviews of internal control procedures and security for systems under development and/or enhancements to current systems.

• Reviewing disaster recovery and business continuity plans to ensure preparedness for potential IT disruptions or security breaches.

• Prepare audit finding memoranda and working papers to ensure that adequate documentation exists to support the completed audit and conclusions.

• Prepare and present written and oral reports and other technical information in a pertinent, concise, and accurate manner for distribution to Management and presentation to the Board Audit Committee.

• Conducting vulnerability assessments and penetration testing and recommend remedial actions.

• Consult with and advise staff on various operational issues related to computerized information systems, and on general business operations as needed.

• Follow up on external IS/IT audit findings to ensure that Management has taken corrective action(s).

• Coordinate and interact with external auditors as may be required.

• Assessing compliance with data privacy regulations and ensuring the protection of sensitive information, including patient records among others.

• Assist and train internal audit staff in the use of computerized audit techniques, and in developing methods for review and analysis of computerized information systems.

• Conduct operational, compliance, financial and investigative audits, as assigned.

• Offer support in identifying and evaluating the organization’s risk areas and provides input to the development of the Annual Audit Plan.

• Work under limited supervision with moderate latitude for initiative and independent judgment.

• Pursues professional development opportunities, including external and internal training and professional association memberships, and shares information gained with co-workers.