Details

Posted: 30-Apr-25

Location: Philadelphia, Pennsylvania

Type: Full Time

Categories:

IT Audit

Currency:

United States, Dollar (USD)

Region:

United States

Required Education:

Master's degree

Additional Information:

Hybrid/Remote is allowed.

Certifications:

CISA
CISA - Certified Information Systems Auditor

The IT Auditor III (Lead Auditor) performs audits of higher risk and more complex new and existing information systems to evaluate the adequacy and effectiveness of controls and compliance with IT standards. This includes assessment of critical institutional information systems implementations, information security, emerging technologies, and reviews of significant information technology processes. The IT Lead Auditor is also responsible for supervising other assigned IT audit staff in testing and reviewing information systems, data security, and key Digital and Technology Services (DTS) and other IT project initiatives to identify and assess risk and provide best practice control technique recommendations. In addition, the IT Lead Auditor maintains and updates the information systems audit universe, leads the information systems risk assessment, and provides input on audit project recommendations for inclusion in the annual Internal Audit Plan. The IT Lead Auditor also collaborates with the DTS Information Security management during the follow-up on the implementation status of corrective actions related to previously reported audit observations as well as consults with DTS and other IT management on control design and/or necessary actions to implement these corrective action plans.

This position is hybrid and will require 3-4 days onsite

What you will do

• Leads and conducts audits of higher risk and more complex information systems such as implementations of critical information systems, cybersecurity, cloud technology, emerging technologies (e.g., artificial intelligence, automation) with minimal management supervision.
• In addition, leads reviews of general controls, application/operating systems, network performance, disaster recovery and key DTS project initiatives in accordance with department and professional standards.
• For each audit project, leads the completion of all planning activities and develops the testing strategy based on a risk assessment.
• Designs, supervises, and reviews the testing procedures performed by other IT audit staff to ensure audit objectives are achieved. Prepares and reviews the work papers of other assigned staff to ensure adherence with departmental and professional standards.
• Develops recommendations to improve internal controls for risks identified. Leads and conducts entrance and exit conferences with DTS and other IT management.
• Drafts audit reports and presents results to Senior DTS and other IT management.
• Maintains the information technology audit universe and co-leads the annual information systems risk assessment, including maintenance of the risk scoring template and reporting of risk assessment results.
• Recommends audits for inclusion in the annual Internal Audit Plan.
• Coordinates with DTS Information Security Department management to follow-up and determine the implementation status of previously reported information systems audit observations.
• Consults with DTS management on control design and/or the actions necessary to fully implement the required corrective action plans.
• Assists the financial/operational auditors in assessing and testing information systems controls in applications being reviewed.
• Performs other department administrative procedures as assigned and takes a lead role in executing projects related to supporting Internal Audit's strategic plan.

Education Qualifications

• Bachelor's Degree Computer Science, Management Information Systems, or similar field of study Required
• Master's Degree Preferred

Experience Qualifications

• At least four (4) years experience in information systems auditing, public accounting's computer audit specialist practice, and/or information system operations in a corporate or not-for-profit organization. Required
• Healthcare experience Preferred

Skills and Abilities

• Good working knowledge of internal control conceptual frameworks (e.g., COBIT, Hi-trust, COSO, etc.) and the IIA's Standards for the Professional Practice of Internal Auditing. (Required proficiency)
• Working knowledge of EPIC, and Workday suite of software preferred. (Preferred proficiency)
• Working knowledge of the systems development lifecycle, project management, IT general controls, networking, cybersecurity, cloud technologies, IT vendor risk management, and Service Organization Controls Reports. (Required proficiency)
• Possesses excellent project-management, interpersonal, and communication (verbal and written) skills. (Required proficiency)
• Ability to work independently, identify opportunities, and assume responsibility. (Required proficiency)

Licenses and Certifications

• Certified Information Systems Auditor (CISA) - Information Systems Audit and Control Association (ISACA) - within 18 months - Required
• Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium - upon hire - Preferred
• Certified Internal Auditor (CIA) - Institute of Internal Auditors - upon hire - Preferred