IT Auditor II

The University System of Georgia (USG) is one of the nation’s largest and leading public higher education systems. The USG is committed to creating a more educated Georgia that is prepared for the global, knowledge economy by increasing degree completion, ensuring academic excellence, spurring research and creativity, driving business creation, and making effective and efficient use of resources. The USG will accelerate our state’s higher education commitment to educational attainment, accountability, partnerships, performance, value, and global competitiveness. Our organizational core values are founded upon the principles of Integrity, Excellence, Accountability, and Respect.

The USG is accepting applications for an IT Auditor II in the Internal Audit and Compliance department. The Board of Regents Internal Audit & Compliance’s (IAC) mission is to support the University System of Georgia (USG) management in meeting its governance, risk management, compliance and internal control responsibilities while helping to improve organizational and operational effectiveness and efficiency.

The IT Auditor II will perform IT audits of University System of Georgia (USG) institutions to assess compliance with the effectiveness of USG policies/strategic initiatives, evaluate internal controls and the availability, confidentiality and integrity of systems and networks, and provide management with recommendations for strengthening operations.

MAJOR DUTIES:

  • Conduct IT audits and consultations to ensure compliance with internal information system control procedures and regulations and serve as subject matter expert for identifying and assessing vulnerabilities and mitigation in system networks and recommending resolutions. This includes providing assistance to external auditors.
  • Draft and finalize audit reports to communicate observations, issues, risks, and recommendations.
  • Develop detailed test procedures to verify compliance with the applicable regulations, policies, and procedures and inputting into the automated audit management system database.
  • Develop and maintain productive team-oriented client and USG team relationships through individual contacts and group meetings.
  • Maintain awareness of significant changes across the industry and university system and the potential impact on the established control environment.
  • Pursue professional development opportunities, including external and internal training, and share information gained with co-workers.
  • Facilitate appropriate training and meetings with campus information technology auditors and Office of Internal Audit and Compliance staff.
  • Execute and coordinate reviews and audit activities with key departmental staff.
  • Willingness to learn, foster collaboration, and contribute as an effective member of the audit team.
  • Broad understanding and knowledge of information systems and technology including database, networking, operating systems.
  • Support internal projects including operational audits and basic system administration duties.

EDUCATION AND EXPERIENCE REQUIRED:

  • Bachelors in Information Systems, Computer Science or an equivalent combination of education, experience and training in a similar business-related field. Must have at least 2 - 4 years’ experience with internal or external auditing of Information Systems, IT controls, Information Security, IT compliance, and regulatory standards.
  • Excellent oral, written, and presentation skills.
  • Demonstrated ability in planning and project management, and in maintaining composure under pressure while managing multiple assignments and priorities.
  • Working knowledge of internal audit testing techniques and procedures.
  • Demonstrated problem resolution skills.
  • Demonstrated skills in researching, collecting and analyzing complex data, evaluating information and systems and drawing logical conclusions
  • Ability to apply business knowledge and practical experience to the identification, analysis, and solution process.
  • Demonstrated work successes utilizing project plans, issues logs, risk/mitigation strategies, governance risk controls (GRC) tools.
  • The position may be required to travel 15% domestically within the State of Georgia.

PREFERRED QUALIFICATIONS:

  • Master's degree in Information Systems, Computer Science or an equivalent combination of education, experience and training in a similar business-related field.
  • CISA, CISSP and/or CIA certifications.
  • Public accounting firm experience a plus with IT General Computer controls and/or information security controls auditing.
  • Experience with any of the following compliance areas is a plus – NIST, ISO. FERPA, PCI, FISMA, HIPAA, State and Federal Privacy laws.
  • Experience with the Higher Education industry is beneficial but not required.
  • Experience in Cyber Security Compliance, Operations, or Engineering is beneficial but not required.
  • Knowledge of COSO's Internal Control - Integrated Framework.
  • Experience using MS SharePoint, Wolters Kluwer TeamMate or similar platforms.
  • Experience using network and/or application vulnerability assessment tools.
  • Knowledge of scripting or IDEA, ACL, SAS, or similar data analytical tools