This job has expired

IT Audit Manager - Information Security

Employer
Princeton University
Location
Princeton, New Jersey

View more

Administrative Jobs
Institutional & Business Affairs, Business & Financial Management, Safety & Security
You need to sign in or create an account to save a job.

Job Details


Overview

The Office of Audit and Compliance (OAC) serves as a proactive partner and trusted advisor to University management and departments to assess and support the mitigation of risks that may have a significant impact on the achievement of the University’s objectives. The goal of the OAC is to promote a culture of risk and compliance awareness at the institution through the services it provides. OAC seeks an experienced candidate with high professional and ethical standards who will provide quality Information Security and IT Operations assurance and advisory services to the University.

Reporting to the Associate Director, IT Audit (Associate Director), the IT Audit Manager – Information Security (Audit Manager) will be responsible for independently planning, executing, developing, and communicating value added results of information security and IT operations assurance and advisory engagements to senior management. The Audit Manager will assist the Associate Director in procuring service providers for co-sourced audit projects and supervising their performance and deliverables to clients. As a member of the University’s Information Technology Audit team, the Audit Manager will conduct key strategy and planning activities related to the annual risk assessment and IT audit plan for the University. In addition, the Audit Manager should have a desire for continued career growth and a passion for learning new and emerging technologies to enable collaboration with the Associate Director in pursuit of continued innovation of the University’s IT audit function.



Responsibilities
The key responsibilities of this position will be to:

    Execute Information Assurance and Advisory ProjectsPerform information security and IT operations audits and/or advisory services across a broad range of systems and technologies including but not limited to: information security, vulnerability management, application controls, network infrastructure, databases, operating systems, IT general controls, pre and post system implementation, dev ops, cloud software and platforms, disaster recovery, and incident response.Design detailed audit work programs (in many cases customized for the environment), conduct interviews, document and analyze processes and apply critical thinking to evaluate risks and controls and assess the results of audit testing. Create detailed workpapers that substantiate audit findings.Evaluate audit findings, determine root causes, and extrapolate relevant institutional themes to develop relevant and achievable recommendations based on leading practice, the risk profile of the client and institution. Prepare professional audit reports summarizing observations, recommendations, and management responses. Ensure that projects have value-added results and are completed timely.Critically apply insights and knowledge of IT and information security to enable clients to solve complex institutional problems while effectively managing risks.Partner with OAC senior auditors on financial and operational projects with IT requirements and control evaluation, as needed.Follow IIA and other relevant standards in conducting assurance and advisory projects.

    Plan, supervise, procure services, and communicate Plan and execute all aspects of risk-based audit and advisory projects by partnering with client department management to define the scope and objectives, project resource requirements, identify needs for specialized skills, timing and budgets.Lead the development of, in partnership with Associate Director, Request for Proposals (RFPs) for the acquisition of specialized skills in a co-sourced engagement model.Manage the execution of professional services teams on co-sourced projects and deliver value added outcomes.Develop and manage relationships with key campus client stakeholders of varying levels of seniority and information security knowledge in the organization to enable the effective identification of risk and delivery of assurance and consulting services.Prepare and present audit and advisory project reports that communicate complex information security and IT operations concepts to a diverse group of institutional constituents including Deans and Vice Presidents, summarizing observations, recommendations, and management responses.

    Provide Strategy and Leadership Support Partner with the Associate Director to continue to mature the University’s Information Technology audit function through innovation and the implementation of new technologies, elevated testing approaches, assessment techniques, and agile engagement delivery.Collaborate with the Associate Director to execute the annual risk-assessment strategy and draft the IT audit work plan for the University.Conduct annual risk assessment interviews with senior executives and other managers throughout the University; identify and incorporate risk data from multiple internal and external sources to assess risk and analyze results.Identify, evaluate, and operate value added technology tools for OAC operations and internal audit projects.Proactively identify and build relationships with colleagues from other Universities to share information on industry risks and leading practices.Assist with Trustee and Senior Management presentations as required.Demonstrate foresight, superior judgment and the ability to develop creative solutions using a risk-based approach in the performance and management of all tasks.Support the progressive development of senior auditor IT audit knowledge, skills, and abilities by identifying key learning opportunities and developing value added training materials.Keep current with developments in relevant technologies and IT audit methodologies; independently develop and propose to the Associate Director an annual risk aligned training plan.Perform special projects and represent OAC on University committees, as required.

Qualifications

Essential Qualifications: Knowledge, Skills, and Abilities Required:

    High ethical standards representative of Princeton University’s commitment to excellence.
  • 6+ years of experience in, IT audit, Information Security Operations, IT management, information security analysis, IT operations, and/or systems assurance.
  • Demonstrated ability to analyze technology systems and processes with strong attention to detail, apply critical thinking skills, and use sound business judgment in the application of auditing principles, University policies, and business practices.
  • Excellent project management skills and demonstrated ability to achieve audit objectives on multiple, complex, concurrent projects.
  • Experience managing multiple project stakeholders (internal and external) in concurrently running engagements.
  • Strong analytical, problem solving, time management, and interpersonal
  • Excellent communication skills, including proven ability to prepare and present clear and concise reports to stakeholders and articulate complex and/or technical issues.
  • Superior judgment, diplomacy, and discretion in handling sensitive information.
  • Demonstrated technical skills and experience in some of the following:
      Information system testing techniques including the use of automated assessment tools.TCP/IP based network architecture and corresponding security design and enabling technologies such as next generation firewalls, IPS/IDS, routers, and switches.Microsoft Windows, Mac OS, and Linux operating systems, Active Directory, LDAP, Office365/Exchange, Microsoft SQL Server, Oracle Database systems, VMWare, Citrix, and SharePoint.Configuration management and automation technologies such as Ansible Tower or Puppet.Third party cloud offerings such as Amazon Web Services and Microsoft Azure and software as a service vendor assessments and ongoing monitoring (e.g., System and Organization Control reports).Vulnerability assessment and/or penetration testing tools and concepts
  • Knowledge of one or more information security frameworks including the NIST Cyber Security Framework, NIST 800-171, CMMC, HITRUST, ISO 27000 series, and the CIS Controls.
  • Self-motivation, initiative, and broad thinking.
  • Current CISSP, CISA, CISM, CRISC, or other relevant certification, or a commitment to pursue.
  • BA/BS or an advanced degree in information systems, business, or a related field.
Preferred Qualifications:
    8+ years of quantifiable experience in IT and/or information security operations, effective client management, and service deliveryAdvanced degree in information systems, business, or a related field.Knowledge of University operations and/or experience in higher education, especially focused on unique risks associated with academic departments and research.Experience selecting and implementing a data analytics software platform.
  • Experience managing projects co-sourced with professional services firms.
  • Knowledge of Large-scale ERP systems such as PeopleSoft, internal and external penetration testing tools and techniques, web application scanning/testing, social engineering, secure software development methodologies and enabling technology tools.
  • Familiarity with Internet of Things (IoT) devices, industrial control systems (ICS) and supervisory control and data acquisition (SCADA).

This role is Princeton-based and does not require travel

Princeton University is an Equal Opportunity/Affirmative Action Employer and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability status, protected veteran status, or any other characteristic protected by law. EEO IS THE LAW

PI142240478

Organization

Princeton entrance

Princeton University is a vibrant community of scholarship and learning that stands in the nation's service and the service of humanity. As a world-renowned research university, Princeton seeks to achieve the highest levels of distinction in the discovery and transmission of knowledge and understanding. At the same time, Princeton is distinctive among research universities in its commitment to undergraduate teaching.

Princeton University facultyOpportunity and Impact

At Princeton, every member of our community plays an important role in our mission of teaching and research. That mission provides every faculty and staff member with the opportunity to make an impact bigger than oneself. Learn about working at Princeton and meet some of our wonderful employees.

 

Services and Resources

When you make a commitment to our teaching and research mission, you will have access to the University’s world-renowned resources to help you succeed at work and in life. Discover the exceptional benefits and unique opportunities we offer as part of our commitment to you.

Work-Life Integration

Life is complicated. At Princeton, we recognize that and are sensitive and responsive to the challenges our employees face. The University offers a broad array of benefits and services that help our staff in a variety of ways.

Explore Our Job OpeningsPrinceton students and prof

Whether you’re already part of our community or just getting to know us for the first time, we invite you to imagine the meaningful difference you can make while working at Princeton. For faculty member and academic professional opportunities, visit the Dean of the Faculty website. For staff member job openings and to join our Talent Network, visit our Careers website.

Connect With Us
LinkedIn
Instagram
Facebook
Snapchat
YouTube

Find Us
Location
United States
You need to sign in or create an account to save a job.

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert