Rutgers, The State University of New Jersey, is seeking an Associate IT Auditor for Audit and Advisory Services, a department within University Finance and Administration. This position is under the supervision of the Manager of Audit & Advisory Services for IT and Healthcare, and the Senior IT Auditor. The Associate IT Auditor position exists to provide professional, independent, objective assurance and consulting services designed to add value and improve university units' operations with an emphasis on IT operations that are centralized in the Office of Information Technology (OIT), distributed across the university (departments, schools, centers, etc.), and provided by third-parties (cloud services).
Among the key duties of this position are the following:
Assists units across the university to accomplish their mission and objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes, primarily as they relate to information technology.
Delivers professional services to assist management accomplish program goals and objectives, comply with established rules and regulations, assure reliability and integrity of information, efficiency, and effectiveness of operations, secure computer systems, provide business continuity and safeguard university assets especially restricted and other sensitive information (PHI, PII, etc.).
Supports in planning assigned services, including acquiring knowledge of client's: organizational structure; existing applications; electronic and hardcopy information; IT infrastructure including, networks, servers, endpoints, mobile devices, operating systems, and other hardware and software, policies, practices, and procedures; policies, practices, and procedures; personnel and assigned job duties; physical facilities and security measures; communication and information flows.
Documents the audit strategy and project activities for the assignment.
Identifies and evaluates process-level risks, existing cybersecurity measures, compliance methods, and other systems controls.
Aids in evaluating client's control systems by identifying control strengths and weaknesses, and documenting weaknesses as possible reportable findings.
Communicates with the Senior Auditor and Audit and Advisory Services management throughout engagement to keep them apprised of progress, observations made, and recommendations under consideration.
Assists in drafting formal reports for review by the Audit and Advisory Services management for issuance to clients, senior management, and the Board of Governor's Committee on Audit.
Assists in facilitating timely written management responses to recommendations put forward for management's consideration in Audit and Advisory Services' reports.
Assists in evaluating responses and determining adequacy of client's planned corrective actions.
Discusses with the Senior Auditor and Audit and Advisory Services management options for addressing clients' corrective actions on recommendations.
Promotes effective use of individual resources through planning and monitoring of assigned project hours.
Participates in advisory services delivered to university clients.
Advances personal knowledge, skills, and other competencies through continued professional development and attendance at formal training conferences and seminars.
Assists with supervision and mentoring of our student interns in Audit and Advisory Services.
Participates in providing thought leadership to demonstrate and share internal control expertise across the university and with peers.
Partners with university leaders/management on committees and task forces.
Minimum Education and Experience:
Requires a bachelor's degree preferably in computer science, or business-related discipline (i.e. business/public administration, finance).
A minimum of 5 years' professional audit experience or a combination of audit and IT operations experience is required for an Associate IT Auditor.
Required Knowledge, Skills, and Abilities:
Must also have exposure to performing integrated audits or providing computer systems support that evaluated IT controls.
Familiarity with large or complex business organizations is strongly preferred.
Proficiency with personal computer hardware and software.
Understands the components of sound IT risk management, control, and governance processes.
Possesses advanced knowledge of computer systems and cybersecurity, and IS auditing principles
Knows and abides by the IIAs' Professional Practice Standards and apply ISACA's good practice framework for IT management and governance (COBIT) in his/her day-to-day work.
Demonstrates knowledge of IT auditing techniques.
Keeps abreast of breaking developments in IT and auditing literature, as well as performing research through the auditor's network of resources for issues specifically addressing the university, especially emerging computing risks and vulnerabilities.
Understands management and control model principles.
Must be aware of and understand the policies, rules, regulations, laws, and statutes pertaining to their engagement.
Must be analytical and observant.
Interprets trends, relationships, and problems from financial and statistical data.
Assesses departmental operations from a procedural level, (where a system administrator or computing manager may not follow a designed task) to a university policy level, where recommendations might be made to the Board regarding new legislation affecting university IT governance.
Must be able to apply advance cybersecurity and auditing principles in all their engagements with university clients.
Identifies an appropriate audit technique for use depending on the circumstances of their assignment.
Must be alert to conditions in systems, which demonstrate control strengths, disguise weaknesses, and present opportunities for fraud.
Exhibits teaching skills when working with student interns.
Satisfactory writing skills to write professional audit reports, memoranda, work papers and other service communications.
Captures business and IT processes, information and communication flows, and internal control systems, and IT systems, of varying complexities for analysis and evaluation. He/she then must apply audit procedures appropriate to the circumstances. This work often involves reading, interpreting, and/or gaining an understanding of vast amounts of documentation, including, but not limited to: federal, state, and local statutes; administrative codes; federal and state agency mandates; contracts with external organizations; and university and departmental policies and procedures, and cybersecurity and IT systems documentation.
Must be an excellent listener so that engagements serve clients' needs, while achieving the objectives of Audit and Advisory Services and the university.
Expresses himself/herself clearly and professionally in all communications. Interpersonal skills are essential as the Associate meets and communicates with every level of the university community.
Values frequent communications with Audit and Advisory Services management and subordinates, as well as clients.
Possesses advance personal computer abilities to prepare reports, record project timekeeping, create spreadsheets, and utilize various data analysis and audit management software. He/she should also be able to research the web.
Has the self-discipline to progress on concurrent work assignments and tasks.
Facilitates discussions on control matters.
Makes professional and supportable judgments on every assignment.
Takes direction from the Senior Auditor and Audit and Advisory Services management team.
Maintains confidentiality on all assignments and occasionally work under stressful conditions (i.e., investigations, politically charged issues).
Certification, or progress toward certification, as a Certified Information Systems Auditor (CISA) is strongly preferred.
Certification or progress toward certification as a Certified Internal Auditor (CIA), Certified Public Accountant (CPA), Certified Fraud Examiner (CFE), Project Management Professional (PMP), Certified Information Systems Security Professional (CISSP), or a facilitator in Control Self-Assessment (CCSA).
Audit and Advisory Services personal computer loaded with Word, Excel, Outlook, OneNote, PowerPoint, OneDrive, and other Microsoft Office 365 applications.
Audit management software (currently MKInsight) for time entry, audit planning, scheduling, performance reporting, electronic work papers and comprehensive reporting.
Uses data analytics software (IDEA, Tableau, etc.) for performing computer-assisted auditing techniques as needed to deliver audit and advisory services.
Rutgers, The State University of New Jersey, is a leading national public research university and the state's preeminent, comprehensive public institution of higher education. Rutgers is dedicated to teaching that meets the highest standards of excellence; to conducting research that breaks new ground; and to turning knowledge into solutions for local, national, and global communities. As it was ...at our founding in 1766, the heart of our mission is preparing students to become productive members of society and good citizens of the world. Rutgers teaches across the full educational spectrum: preschool to precollege; undergraduate to graduate and postdoctoral; and continuing education for professional and personal advancement. Rutgers is New Jersey's land-grant institution and one of the nation's foremost research universities, and as such, we educate, make discoveries, serve as an engine of economic growth, and generate ideas for improving people's lives.