Sr IT Auditor
University of Rochester (Rochester, NY)
As a community, the University of Rochester is defined by a deep commitment to Meliora - Ever Better. Embedded in that ideal are the values we share: equity, leadership, integrity, openness, respect, and accountability. Together, we will set the highest standards for how we treat each other to ensure our community is welcoming to all and is a place where all can thrive.
Job Location (Full Address):
175 Corporate Woods, Rochester, New York, United States of America, 14623
Opening:
Worker Subtype:
Regular
Time Type:
Full time
Scheduled Weekly Hours:
40
Department:
100034 University Audit
Work Shift:
UR - Day (United States of America)
Range:
UR URG 114
Compensation Range:
$86,482.00 - $129,723.00
_The referenced pay range represents the minimum and maximum compensation for this job. Individual annual salaries/hourly rates will be set within the job's compensation range, and will be determined by considering factors including, but not limited to, market data, education, experience, qualifications, expertise of the individual, and internal equity considerations._
Responsibilities:
GENERAL PURPOSE:
At the direction of, or in collaboration with, the IT Audit Manager, the Sr. IT Auditor is responsible for leading and executing assigned audits that assess information systems controls and technology processes within the organization. This role ensures compliance with applicable laws, industry standards, and internal policies. The Sr. IT Internal Auditor also provides insights on improving overall risk mitigation strategies and security posture.
ESSENTIAL FUNCTIONS
+ Conducts audits and risk assessments related to a wide array of IT-related risk areas. This includes creating a plan for the scope, timing, and resource needs to complete assigned audit projects and presenting such plans to the IT Audit Manager and Chief Audit Executive (CAE). Develops audit strategies geared toward helping achieve IT-related objectives, as well as identifying areas of exposure that may prevent objectives from being met. Determines audit strategies for centralized IT functions that allow for a broad coverage of review to impact a large number of areas.
+ Performs comprehensive audits in accordance with Standards for the Professional Practice of Internal Auditing, including obtaining, analyzing, and appraising evidentiary data as a basis for informed, objective opinions on the overall efficiency and effectiveness of management’s internal controls, business processes, and ability to meet its goals and objectives.
+ Plans and leads meetings with management and unit level staff related to the performance of assigned audit projects. Facilitates meetings and walkthroughs with key stakeholders to review and assess IT processes, controls, and systems. Leads discussions to identify potential risks and areas for improvement, ensuring clear communication and understanding of audit objectives and findings. Documents the results of detailed walkthroughs of IT environments, identifying actionable recommendations to enhance security and compliance.
+ Collaborates with the IT Audit Manager to prepare formal written reports expressing opinions on the adequacy of the design of internal controls and the efficiency and effectiveness with which control activities are being performed. Participates in, and occasionally leads, oral discussions and presentations to applicable IT leadership prior to, during, and at the conclusion of audits, discussing audit scope, status and any deficiencies while explaining recommended corrective actions.
+ Participates in IT task forces and cross-functional teams to provide management (through non-audit activities) expert advice on IT controls, risk management, and compliance issues. Represents the internal audit function by observing and/or helping support IT-related project teams, ensuring alignment with organizational objectives, control standards, and regulatory requirements. Consults with various departments and units to identify and/or mitigate potential IT risks.
+ Develops and continuously enhances working relationships with IT staff and management at the University. Promotes the mission of the Audit Department and its ability to provide IT advisory services through continuous communication with management.
+ Works with the IT Audit Manager and Chief Audit Executive in developing the annual IT audit plan and helps schedule and prioritize projects.
+ Continuously monitors developments in the IT landscape, including new technologies such as AI, blockchain, and cloud computing, as well as emerging security threats like ransomware and phishing attacks. Participates in industry conferences, workshops, and training programs to stay informed about the latest trends and best practices in IT security, governance, and risk management. Provides timely, informed advice to management on potential risks associated with emerging technologies, ensuring that any threats are proactively mitigated. Leverages their expertise to help influence the organization’s strategy and decision-making, mitigating risks before they become significant issues.
QUALIFICATIONS
+ Bachelor’s degree in Information Technology, Computer Science, Accounting, or a related field required.
+ 3 years of experience as an auditor/consultant (internal audit and/or public accounting role), or equivalent combination of education and experience required.
+ 3 years’ experience as an IT professional along with experience as an auditor/consultant (internal audit, consulting firm / public accounting firm) preferred.
+ Knowledge of network architecture, servers, databases, and cloud environments required.
+ Knowledge of data management practices, including data governance, protection, and privacy relevant to regulations such as HIPAA and GDPR required.
+ Knowledge of standards and best practices for cybersecurity protocols, including firewalls, intrusion detection, and encryption techniques required.
+ Knowledge of IT governance / control frameworks and standards (e.g., COBIT, HITRUST, NIST, ISO) required.
+ Proven experience in IT auditing or risk management, with a focus on assessing IT controls and cybersecurity required.
+ Proven experience in performing audits of IT systems, applications, and data security practices required.
+ Familiarity with Systems Development Life Cycle (SDLC) required.
+ Understands internal controls, business processes, auditing procedures and risk assessments required.
+ Proficient in PC functionality and Microsoft Excel, Word and PowerPoint required.
+ Managing Processes - Ability to manage appropriate steps to get projects completed; has strong abilities to organize people and processes; can create a plan for resourceful workflow required.
+ Oral Communication - Knows how to present ideas effectively and persuasively; has a strong verbal presence; can convey concepts in a wide variety of forums (speaking to large groups, one-on-one, etc.) required.
+ Strategic Vision - Understands the “big” picture; champions University’s mission to those in all levels of the organization; sets short- and long-term goals to align business with University vision required.
+ Written Communication - Can write thoughts and concepts in a clear and organized manner; effectively manages formal and informal communication required.
+ Organizational Savvy - Understands how organizations operate; able to manage him or herself effectively in a highly political environment; predicts the potential problems one might encounter in an organization; quick learner in understanding institution cultures; is knowledgeable about business practices and how they may impact the organization required.
+ Interpersonal Confidence/Savoir Faire - Strong interpersonal skills; can effectively communicate and relate to all levels within and outside the organization; creates and builds positive and productive relationships.
+ Problem Solving - Able to use logic to solve challenging problems; negotiates effectively under the most difficult of circumstances; able to resolve problems in a fair manner; gains the respect and trust of others involved in the negotiations required.
+ Results Oriented - Drives the team and the organization for results in order to improve performance; able to make timely or planned decisions appropriate to the circumstances or situation required.
+ Tenacity - Has continuous energy to see projects through to completion, especially when faced with difficult obstacles.
+ Functional & Technical Learning - Understands technical information quickly; able to learn new technical skills and information adeptly; has the ability to perform at a high level due to strong functional knowledge required.
+ Knowledge of electronic work papers required.
+ Systems implementation experience preferred, but not required.
+ Experience in the health care and/or higher education environment preferred, but not required.
+ CIA, CISA, CISM, CISSP, CRISC, CGEIT, CPA, and/or MBA preferred.
The University of Rochester is committed to fostering, cultivating, and preserving an inclusive and welcoming culture to advance the University’s Mission to Learn, Discover, Heal, Create – and Make the World Ever Better. In support of our values and those of our society, the University is committed to not discriminating on the basis of age, color, disability, ethnicity, gender identity or expression, genetic information, marital status, military/veteran status, national origin, race, religion/creed, sex, sexual orientation, citizenship status, or any other characteristic protected by federal, state, or local law (Protected Classes). This commitment extends to non-discrimination in the administration of our policies, admissions, employment, access, and recruitment of candidates for all persons consistent with our values and based on applicable law.
Notice: If you are a **Current** **Employee,** please **log into myURHR** to search for and apply to jobs using the Jobs Hub. Your application, if submitted using this portal, cannot be moved forward.
Learn. Discover. Heal. Create.
Located in western New York, Rochester is our namesake and our home. One of the world’s leading research universities, Rochester has a long tradition of breaking boundaries—always pushing and questioning, learning and unlearning. We transform ideas into enterprises that create value and make the world ever better.
If you’re looking for a career in higher education or health care, the University of Rochester may offer the perfect opportunity for your background and goals.
At the University of Rochester, we commit to diversity, equity, and inclusion and are united by a strong commitment to be ever better—Meliora. It is an ideal that informs our shared mission to ensure all members of our community feel safe, respected, included, and valued.