The University of Rochester is seeking a Senior IT Auditor to develop, direct, plan, and evaluate our internal audit programs. This role is pivotal in ensuring our information systems and procedures comply with policies and standards, reflecting our commitment to Meliora—Ever Better.
What You'll Do
- Conduct annual audits and risk assessments across the University's information systems.
- Evaluate the University's compliance with standard requirements and assessment procedures.
- Complete compliance reports, obtain signatures, and submit them to the acquiring bank.
- Plan and lead meetings with clients to discuss audit goals, business processes, and internal controls.
- Develop audit procedures to help business units achieve objectives and identify areas of exposure.
- Execute internal control risk assessments and develop customized audit strategies.
- Create and present plans for the scope, timing, and resources needed for audit projects.
- Obtain, analyze, and appraise evidentiary data to evaluate management's internal controls and business processes.
- Prepare formal reports expressing opinions on the adequacy and effectiveness of activities performed.
- Present findings to leadership, addressing deficiencies and recommending effective actions.
- Use technology to support audit projects and perform independent analysis with strong attention to detail.
What We're Looking For
- A Bachelor's degree and 3 years of relevant experience or an equivalent combination.
- Knowledge of network architecture, servers, databases, and cloud environments.
- Knowledge of data management practices, including governance, protection, and privacy relevant to regulations like HIPAA and GDPR.
- Knowledge of cybersecurity standards and best practices for protocols like firewalls, intrusion detection, and encryption.
- Knowledge of IT governance/control frameworks and standards (e.g., COBIT, HITRUST, NIST, ISO).
- Proven experience in IT auditing or risk management, focusing on assessing IT controls and cybersecurity.
- Proven experience performing audits of IT systems, applications, and data security practices.
- Familiarity with the Systems Development Life Cycle (SDLC).
- Understanding of internal controls, business processes, auditing procedures, and risk assessments.
- Proficiency in PC functionality and Microsoft Excel, Word, and PowerPoint.
- Ability to manage steps to complete projects and organize people and processes.
- Ability to present ideas effectively and persuasively in various forums.
- Ability to understand the larger strategic picture and align business with the University vision.
- Ability to write thoughts and concepts clearly and in an organized manner.
- Ability to understand how organizations operate.
- Ability to manage effectively in a highly political environment.
- Strong interpersonal skills and the ability to communicate and relate to all levels inside and outside the organization.
- Able to use logic to solve challenging problems and resolve issues in a fair manner to gain respect and trust.
- Able to make timely, planned decisions appropriate to the circumstances.
- Sustained energy to see projects through to completion.
- Ability to learn new technical skills and information adeptly.
- Ability to perform at a high level due to strong functional knowledge.
- Knowledge of electronic work papers.
Nice to Have
- Systems implementation experience.
- Experience in the healthcare and/or higher education environment.
- Relevant certifications upon hire, such as CIA, CISA, CISM, CISSP, CRISC, CGEIT, CPA, and/or an MBA.
Benefits & Compensation
- Salary range: $86,482.00 - $129,723.00
Work Mode
This is a remote position open to candidates working in New York State.
The University of Rochester is committed to not discriminating on the basis of age, color, disability, ethnicity, gender identity or expression, genetic information, marital status, military/veteran status, national origin, race, religion, creed, sex, sexual orientation, citizenship status, or any other characteristic protected by law.
