IT Systems Auditor Infectious Diseases Institute

The Information Systems Internal Auditor will conduct a comprehensive assessment and evaluation of the organization’s information technology systems and processes and carry out investigations into reported irregularities. The IT Systems Auditor will assist with audit functions such as identifying and assessing risks; assess IT security controls, identify vulnerabilities, ensure compliance with donor requirements and communicate with various teams regarding audits and initiatives.

Key Responsibilities
• Perform general and application control reviews for simple to complex information systems of the Institute.
• Perform information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
• Perform reviews of internal control procedures and security for systems under development and/or enhancements to current systems.
• Reviewing disaster recovery and business continuity plans to ensure preparedness for potential IT disruptions or security breaches.
• Prepare audit finding memoranda and working papers to ensure that adequate documentation exists to support the completed audit and conclusions.
• Prepare and present written and oral reports and other technical information in a pertinent, concise, and accurate manner for distribution to Management and presentation to the Board Audit Committee.
• Conducting vulnerability assessments and penetration testing and recommend remedial actions.
• Consult with and advise staff on various operational issues related to computerized information systems, and on general business operations as needed.
• Follow up on external IS/IT audit findings to ensure that Management has taken corrective action(s).
• Coordinate and interact with external auditors as may be required.
• Assessing compliance with data privacy regulations and ensuring the protection of sensitive information, including patient records among others.
• Assist and train internal audit staff in the use of computerized audit techniques, and in developing methods for review and analysis of computerized information systems.
• Conduct operational, compliance, financial and investigative audits, as assigned.
• Offer support in identifying and evaluating the organization’s risk areas and provides input to the development of the Annual Audit Plan.
• Work under limited supervision with moderate latitude for initiative and independent judgment.
• Pursues professional development opportunities, including external and internal training and professional association memberships, and shares information gained with co-workers.

Person Specification
• Confidentiality
• Broad knowledge of application of information systems risk and control practices.
• Knowledge of Microsoft Dynamics NAV is preferable.
• Standards for the Professional Information Systems Audit and Control as developed by ISACA.
• Standards for the Professional Practice of Internal Auditing and the Code of Ethics developed by the Institute of Internal Auditors.
• Knowledge of auditing concepts and principles.
• Working knowledge and experience with general computer controls including Change Management, Access and Security, and IT Operations.
• Applying IT and cybersecurity control frameworks, including NIST, PCI, and COBIT
• Knowledge of Internal Audit software preferred.
• Knowledge and fundamental understanding of the following types of audits: (a) financial statement audits, (b) internal or operational audits,
• Knowledge of federal, state, and local laws, regulations, and standards governing all aspects of the utilization of computer systems.
• Analytical skills, judgment, and decision-making ability.
• Ability to communicate effectively with technical and non-technical stakeholders.