• Senior IT Auditor

    University of Washington (Seattle, WA)


    Job Description

    As a UW employee, you have a unique opportunity to change lives on our campuses, in our state and around the world. UW employees offer their boundless energy, creative problem-solving skills, and dedication to build stronger minds and a healthier world.

     

    UW faculty and staff also enjoy outstanding benefits, professional growth opportunities and unique resources in an environment noted for diversity, intellectual excitement, artistic pursuits, and natural beauty.

     

    The Senior IT Auditor plans and performs independent, risk based audit, assurance and consulting activities related to IT internal processes, controls, risk management and governance activities within the University of Washington, while adding value and improving IT operations. Senior IT Auditor is expected to have internal IT audit experience and to demonstrate proficiency in applying independent judgement in performing internal audit work which conforms to professional standards.

     

    In addition, the Senior IT Auditor performs computer forensics, data analytics, and provides IT support for Internal Audit, including maintaining our servers, installing software upgrades, performing test of backup/recovery, and updating of security plans and department policies and procedures.

     

    This position will primarily support the completion of IT audits in the healthcare space.

     

    Internal Audit is a primary tool of the Board of Regents to ensure financial, operational and compliance integrity. Other auditors examine specific functions, activities, or areas of risk, but the scope of Internal Audit encompasses all of these areas. Current levels of frequent, significant and costly compliance issues in healthcare, higher education, and IT emphasize the importance of the internal audit function. The success and reputation of Internal Audit rest with the work performed by the Principal, Senior and Staff Auditors.

     

    Duties & Responsibilities

     

    Audit Examinations

     

    - Independently performs information security and IT operations audits and/or advisory services across a broad range of systems and technologies including but not limited to: information security, vulnerability management, application controls, network infrastructure, databases, operating systems, IT general controls, pre and post system implementation, development operations, cloud software and platforms, disaster recovery, and incident response.

     

    - Prepare IT audit plan for each audit assignment that ensures effective audit coverage based on an assessment of potential risks and exposures.

     

    - Design detailed audit work programs (in many cases customized for the environment), conduct interviews, document and analyze processes/compliance with applicable federal/state laws and University policies, and apply critical thinking to evalute risks and controls and asses the results of audit testing.

     

    - Consistently document relevant facts and information to support the work performed and conclusions drawn so other reviewers can follow the auditor's logic and methodology.

     

    - Develop audit findings, determine root causes, and develop relevant and achievable recommendations based on leading practice, the risk profile of the client and the UW.

     

    - Effectively communicate audit results, both verbally and in writing, so they are persuasive, placed in the appropriate context, and understood by the recipient. Prepare professional audit reports summarizing findings, recommendations, and management responses.

     

    - Perform follow-up reviews to ensure that recommendations are implemented to appropriately address risks identified.

     

    - Conduct audits in accordance with professional and departmental standards. Complete work on time and within budget with limited instructions, yet know when to seek guidance from supervising manager when circumstances warrant. May work on audits independently as part of a team project.

     

    - Partner with other auditors to provide guidance and assistance in using computerized audit techniques to extract and analyze data from complex computer systems or in performing evaluations of IT controls.

     

    - Utilize appropriate tools to conduct computer forensics in support of audits or investigations.

     

    Guidance and Consultation

     

    - Consult with University departments on new system development processes to ensure that appropriate controls are included in the design of planned applications and systems.

     

    - Critically apply insights and knowledge of IT and information security to enable clients to solve complex institutional problems while effectively managing risks.

     

    - Serve on University committees as requested.

     

    - Keep current on technical IT, security, accounting, auditing and government pronouncements.

     

    - Participate in University wide risk assessments and Internal Audits quality and process improvement program as requested.

     

    IT Support for Internal Audit

     

    - Coordinate maintenance of server utilized by Internal Audit, including applying appropriate patches.

     

    - Review, recommend, and install software upgrades related to electronic work paper software utilized by Internal Audit.

     

    - Perform periodic tests of backup/recovery.

     

    - Review and periodically update security plan and department IT policies and procedures.

    Required Qualifications

    + Bachelor's degree

    + Minimum of five years of audit experience, to include at least three years of IT audit experience or technical equivalent experience.

    + Professional certification such as CISA, CISSP, or CISM.

     

    Equivalent education/experience will substitute for all minimum qualifications except when there are legal requirements, such as a license/certification/registration.

    Additional Qualifications

    + Ability to independently design and perform IT audits and new systems implementation reviews of information systems in a multi-platform computing environment.

    + Strong understanding of IT internal controls.

    + Outstanding analytical, interpersonal and written communication skills.

    + Ability to communicate effectively with individuals at all organizational levels.

    Desired Qualifications

    + Master’s Degree in IT, security, auditing, accounting or related discipline.

    + Familiarity with NIST Cybersecurity framework, CIS18, and PCI standards.

    + Experience using computerized audit techniques to extract and analyze data from complex computer systems or in performing evaluations of IT controls such as SQL, Tableau, ACL.

    + Experience using IT forensics tools.

    + Higher Education and/or healthcare audit experience.

     

    Working Environment

     

    Flexible and partially remote work schedule available.

     

    Compensation, Benefits and Position Details

    Pay Range Minimum:

    $96,000.00 annual

    Pay Range Maximum:

    $120,000.00 annual

    Other Compensation:

    -

    Benefits:

    For information about benefits for this position, visit https://www.washington.edu/jobs/benefits-for-uw-staff/

    Shift:

    First Shift (United States of America)

     

    Temporary or Regular?

     

    This is a regular position

    FTE (Full-Time Equivalent):

    100.00%

    Union/Bargaining Unit:

    Not Applicable

     

    About the UW

     

    Working at the University of Washington provides a unique opportunity to change lives – on our campuses, in our state and around the world.

     

    UW employees bring their boundless energy, creative problem-solving skills and dedication to building stronger minds and a healthier world. In return, they enjoy outstanding benefits, opportunities for professional growth and the chance to work in an environment known for its diversity, intellectual excitement, artistic pursuits and natural beauty.

     

    Our Commitment

     

    The University of Washington is proud to be an affirmative action and equal opportunity employer (https://hr.uw.edu/eoaa/) . All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age, protected veteran or disabled status, or genetic information.

     

    To request disability accommodation in the application process, contact the Disability Services Office at 206-543-6450 or [email protected] .

     

    Applicants considered for this position will be required to disclose if they are the subject of any substantiated findings or current investigations related to sexual misconduct at their current employment and past employment. Disclosure is required under Washington state law (https://app.leg.wa.gov/RCW/default.aspx?cite=28B.112.080) .

     

    University of Washington is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, religion, color, national origin, sexual orientation, gender identity, sex, age, protected veteran or disabled status, or genetic information.