Job Posting

The primary responsibility of this position is to conduct, and coordinate audit and advisory engagements as assigned with a focus on information technology audits.

Education Requirements:

Requires a bachelor’s degree in Computer Science, IT Business Information Systems or other closely related field or a degree in Accounting/Business field with IT auditing experience. A CISA (Certified Information System Auditor), CISSP (Certified Information Systems Security Professional), PMP (Project Management Professional) or other relevant IT auditing certification is preferred.

Experience:

Requires three to five years of experience in IT, such as network security, technology infrastructure, software development, or a related field.  Auditing experience preferred but not required.

Summary of Duties and Responsibilities:

The Senior IT Auditor is responsible for conducting and coordinating audit and advisory engagements with a focus on information technology audits, which includes the evaluation of internal controls.   The position is responsible for reporting the results of audits and alerting the Internal Audit Supervisor and the Director of Internal Audit and Risk to any conditions, which pose risks to the System.  The position is responsible for preparing work papers and documenting findings.  This position plans and performs auditing duties primarily in information technology areas, but could also include areas such as accounting, member services, and investments.  Work involves providing assurance and consulting services to management and staff; maintaining ethical standards and effective working relationships with management and staff.  Reports resulting from audit work are distributed to the appropriate departments and presented to the Audit Committee of the Board of Trustees.  Audit work is completed in conformance with the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics promulgated by the Institute of Internal Auditors.

Knowledge/Skills/Abilities:

The incumbent must possess excellent interpersonal, verbal and written communication skills in order to report audit findings to management and the Internal Audit Supervisor during and at the conclusion of audits.  The incumbent must possess knowledge of State statutes and the Comptroller’s accounting and reporting requirements.    

Selection Criteria:

Analytical Skills

The ability to analyze information and review problems thoroughly; as well as, determine the nature and relationship of situations.

Communication Skills

The ability to speak effectively in public situations to small groups or one-on-one; and to compose memorandums, letters, reports and specified documents in a clear, concise and well-structured manner.

Technical Skills

The ability to recognize technical needs and system limitations.  Technical knowledge also includes the capacity to anticipate problems and propose new methods for more effective computer operations.

Job Knowledge and Experience

Has completed specified amount of time previously performing essential duties of the job and/or has completed specified degrees, coursework, or training programs to perform the job.  Possesses a body of information or level of understanding necessary to complete assigned responsibilities.

Judgment

The ability to make decisions in a logical and objective manner and to demonstrate common sense.

Organizational Skills

Organizes work tasks in an efficient manner; able to complete assignments on time by prioritizing tasks and monitoring their completion.

Planning

The ability to organize, form strategies, schedule, prioritize and/or effectively demonstrate the ability to forecast and evaluate trends.

---

Job Description

Purpose:

Under the supervision of the Internal Audit Supervisor, the Senior IT Internal Auditor conducts and coordinates audit and advisory engagements as assigned with a focus on information technology audits.

Nature and Scope:

The Senior IT Auditor is responsible for conducting and coordinating audit and advisory engagements with a focus on information technology audits, which includes the evaluation of internal controls.   The position is responsible for reporting the results of audits and alerting the Internal Audit Supervisor and the Director of Internal Audit and Risk to any conditions, which pose risks to the System.  The position is responsible for preparing work papers and documenting findings.

This position plans and performs auditing duties primarily in information technology areas, but could also include areas such as accounting, member services, and investments.  Work involves providing assurance and consulting services to management and staff; maintaining ethical standards and effective working relationships with management and staff.  Reports resulting from audit work are distributed to the appropriate departments and presented to the Audit Committee of the Board of Trustees.  Audit work is completed in conformance with the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics promulgated by the Institute of Internal Auditors.    The incumbent must possess excellent interpersonal, verbal and written communication skills in order to report audit findings to management and the Internal Audit Supervisor during and at the conclusion of audits.  The incumbent must possess knowledge of State statutes and the Comptroller’s accounting and reporting requirements.    

The greatest challenge of this position will be maintaining a comprehensive knowledge of all the agency’s procedures, information systems and operations, in addition to maintaining knowledge of all rules and regulations affecting TRS, in order to conduct thorough IT audits and advise the Internal Audit Supervisor and Director of Internal Audit and Risk of weaknesses in the internal control structure.

Principal Accountabilities:

1. Ensure there are periodic evaluations of the controls surrounding the System’s Information Technology Infrastructure and the related processing. This includes both general controls that affect the entire processing environment as well as those application controls unique to given business processes. 
2. Ensure there are periodic evaluations of the System’s internal and external security, both technical and physical, as such pertains to both our internal network and our external internet facing systems and processes. Where necessary, ensure there are appropriate examinations of external third-party processing sites.
3. Prepare a detailed IT risk assessment to provide support for recommending IT audit projects included in the annual internal audit plan.
4. Collaborate on major IT projects and initiatives to ensure internal controls, risks and security are properly addressed throughout the project life cycle.
5. Perform reviews of IT management policies and procedures such as change management, business continuity planning/disaster recovery, and information security to ensure that controls surrounding these processes are adequate.
6. Identify database data elements that have audit significance. Ensure procedures are in place for modifications and database fixes which are appropriate and function as expected.
7. Participate in the design, implementation, and monitoring of database auditing policies to ensure the integrity and safeguarding of member data.
8. Conduct application system reviews for user control procedures which includes checking for appropriate segregation of duties, existence of proper management approval procedures, and timely performance of job responsibilities.
9. Review the annual independent vulnerability assessment results and monitor key and critical risks identified in the report.
10. Perform reviews of IT related Service Organization Control (SOC) 2 reports to ensure any deficiencies are being appropriately addressed.
11. May serve as a subject matter expert on IT risk management matters, particularly on application and infrastructure security.
12. Perform the planning activities for assigned audits which include defining the objectives and scope of the audit, documenting business processes and procedures, performing a risk and internal control evaluation and developing the audit program.
13. Perform the audit procedures for assigned audits in accordance with the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics promulgated by the Institute of Internal Auditors. This includes collecting and analyzing data; testing compliance with internal and external rules, laws and regulations; evaluating the internal controls; identifying and developing potential issues and recommendations; and documenting the work performed in the audit work papers.
14. Discuss potential findings and observations with the Internal Audit Supervisor and the Director of Internal Audit and Risk and appropriate management. Compose audit reports including any potential findings and observations and review with the Internal Audit Supervisor and the Director of Internal Audit and Risk.
15. Assist in presenting audit reports including any findings and/or observations to the Executive Director, Executive Management, and the Audit Committee of the Board of Trustees.
16. Participate in the follow-up of findings and observations for both internal and external audits.
17. Assist in the development of the annual audit plan, including the annual risk assessment of auditable areas as it relates to information technology.
18. Provide IT business insights and technical support for audits including developing, building, and implementing tools to analyze data to improve audit efficiency and effectiveness.
19. Recommend procedures to enhance the effectiveness of the internal audit program.
20. Assist in proactively reviewing and analyzing business processes pertaining to risk and controls.
21. Serve as the internal audit department resource on Information Technology and IT Project Management matters. Remain abreast of developments in the world of Information Technology and IT Project Management through reading, discussions with colleagues in the industry, attendance at meetings, conferences and seminars, and via other means, as deemed appropriate.
22. Perform other audit related activities as required or assigned.