Information Systems Auditor

Michigan State University FCU - East Lansing

Position Title:    Information Systems Auditor    
 
Position Type: Full-time    
FLSA:               Non-exempt    
Department:    Internal Audit    
Location:         Headquarters    
Reports to:      Chief Internal Auditor    
 

Position Summary
Performs complex-level professional internal auditing work. Work involves leading or conducting information technology audit projects; providing consulting services to the organization’s management and staff; providing key input to development of the annual audit plan; and providing training and coaching to Internal Audit employees.
Responsible for identifying technology risks and independently evaluating the efficiency and effectiveness of information technology infrastructure and application controls, including security and internal controls. Maintains all organizational and professional ethical standards. Works independently under general supervision with considerable latitude for initiative and independent judgment.

Essential Duties and Responsibilities

Information Systems Auditor I:
•    Identify and evaluate the Credit Union’s risk areas and provide key input to the development of the annual Internal Audit plan
•    Perform audit procedures, including identifying and defining issues, developing criteria, reviewing and analyzing evidence, and
     documenting client processes and procedures; responsible for the completion of all audit assignments effectively and within the
     scheduled time frame
•    Assist in audits of the Credit Union’s information systems environment, reviewing the reliability and integrity of information systems 
     and the compliance with policies, standards, laws and regulations that could have significant impact on the Credit Union’s information
     systems or operations
•    Plan and execute audits of client/server technology platforms (Microsoft Windows, UNIX, databases, web applications, etc.) and
     evaluate IT internal controls; work collaboratively with management to identify actions needed
•    Plan and perform audits of IT management policies and procedures (e.g. change management, business continuity planning/disaster
     recovery, information security, etc.) to ensure that controls surrounding these processes are adequate and are functioning as intended
•    Plan and perform IT security audits (e.g. network, operating system and data center), including evaluating if security vulnerabilities are
     properly identified and mitigated
•    Support audit projects related to programming, mainframe batch and online processes, client-server architecture, Internet and intranet
     functionality, database extraction, technology strategy, and data communication and network security
•    Act as liaison with the Credit Union’s IT department to ensure full understanding of data flow, data integrity, and system security
•    Assess information technology control elements to mitigate IT risks regarding the confidentiality, integrity, and availability of business
     information
•    Perform related work as assigned by the Chief Internal Auditor
•    Conduct pre and post-implementation review of system implementations or enhancements, as requested
•    Develop and direct IT control questionnaires, conduct interviews, review documents,  compose summary memos, and prepare working
     papers; responsible for organizing and systematically completing in a neat manner all work papers to show what was done, the
     procedures and methods used, and the conclusions or the results of the work performed
•    Identify, develop, and document audit issues and recommendations using independent judgment concerning areas being reviewed;
     responsible for communicating information, suggestions, and/or problems regarding job status and critical findings to the Chief Internal
     Auditor
•    Identify and recommend changes, new procedures, and new techniques to eliminate weaknesses in practices and procedures or
     operations from the standpoint of Internal Audit and present these recommendations to management
•    Evaluate and communicate IT control best practices and make recommendations for strengthening internal controls, improving
     operations, and reducing costs
•    Assist in communicating the results of audit projects via written reports and oral presentations to management, the President/CEO, the
     Supervisory Committee and the Board of Directors
•    Develop and maintain productive client and employee relationships through individual contacts and group meetings
•    Pursue professional development opportunities, including external and internal training and professional association memberships,
     and share information gained with co-workers
•    Represent Internal Audit on organizational project teams, at management meetings, and with external organizations
•    Assist in the efficient operation of the Internal Audit department as directed by the Chief Internal Auditor in order to assist the NCUA
     and external auditors to expeditiously complete their assignments
•    Participate in training activities within Internal Audit department and with the Learning and Talent Development department; such
     training helps to ensure employee compliance with Credit Union policies and state and federal regulations and laws
•    Perform other duties and assist other employees, as assigned

Information Systems Auditor II:
•    All of Information Systems Auditor I duties and responsibilities
•    Assist in providing training, coaching, and guidance to internal audit staff regarding the performance of audits and other audit-related
     issues
•    Independently research a variety of audit issues
•    Independently plan, perform, and complete audit projects
•    Accept increasingly complex duties and responsibilities and perform those additional duties to a satisfactory level
•    Performs all tasks consistently and effectively

Senior Information Systems Auditor:
•    All of Information Systems Auditor I and II duties and responsibilities
•    Assist and mentor team members with less experience in expert areas
•    Participate consistently in Credit Union committees and projects

Information Systems Auditor I:
•    Requires a bachelor’s degree in finance, computer science, information systems, information technology, or a related discipline
•    Demonstrates strong knowledge of IT concepts and terminology, internal auditing practices, and internal control environments within
     the IT function
•    CISA, CIA, CISSP, or CISM or active pursuit of such designation preferred
•    Skill in assessing the effectiveness of internal controls over key IT risks, identifying significant exposures, analyzing transactions and
     other management information, and detecting changes in key risks and/or control effectiveness; skill in developing appropriate
     recommendations to address exposures.
•    Strong knowledge of generally accepted information security standards, best practices for securing computer systems, applicable laws
     and regulations, and information security control practices and frameworks (e.g., CIS Controls, NIST, COBIT, etc.)
•    Requires the ability to execute any audit program related to information systems, recognize control weaknesses, and assess the
     materiality of these control weaknesses back to the scope and objectives of the audit
•    Requires a conceptual knowledge of aspects of IS auditing within a complex IT network
•    Knowledge of various operating system platforms (i.e., Microsoft Windows, Mac OS X, Unix, etc.), web-based technology, and basic
     infrastructure control issues
•    Skill in conducting quality control reviews of audit work products
•    Skill in collecting and analyzing complex data, evaluating information and systems, and drawing logical conclusions
•    Skill in planning and project management, and in maintaining composure under pressure while meeting multiple deadlines
•    Skill in negotiating issues and resolving problems
•    Skill in and proficiency in using a computer with word processing, spreadsheet, database management, audit extraction tools and
     other business software to prepare reports, memos, summaries, and analyses
•    Skill in effective verbal and written communications, including active listening skills and skill in presenting findings and
     recommendations
•    Ability to establish and maintain harmonious working relationships with co-workers, staff and external contacts, and to work effectively
      in a professional team environment
•    Ability to learn new operations quickly and work independently

Information Systems Auditor II:
•    All of Information Systems Auditor I knowledge, skills, and abilities
•    Ability to organize and prioritize work with minimal direction
•    Ability to use independent judgment and take initiative in the absence of specific direction from the Chief Internal Auditor
•    CISA, CIA, CISSP, or CISM designation required

Senior Information Systems Auditor:
•    All of Information Systems Auditor I and II knowledge, skills, and abilities
•    Expert knowledge of IT concepts and terminology, internal auditing, and internal control environments within the IT function
•    Ability to analyze complex problems and perform research in order to provide value-added recommendations for improvement
•    Expert knowledge of audit concepts and the Credit Union’s operations and IT environment
•    Required to sit, stand, walk; talk and hear; and ability to touch and interact with office equipment
•    Ability to lift up to 50 pounds
•    Normal office environment where there is minimal discomfort due to temperature, dust, noise and other factors
•    Exposure to potentially hazardous condition, i.e. robbery. Receives detailed instructions and procedures to be followed to minimize 
     the exposure

The above statements are intended to indicate the kinds of tasks and levels of work difficulty that will be required of positions that will be given this title and shall not be construed as declaring what the specific duties and responsibilities of any particular position shall be. It is not intended to limit or in any way modify the rights of any supervisor to assign, direct, and control the work of employees under his or her supervision. The use of a particular expression or illustration describing duties shall not be held to exclude other duties not mentioned that are of similar kind of level of difficulty. MSU Federal Credit Union is an affirmative-action, equal-opportunity employer.
Reasonable accommodations may be made for individuals with disabilities to enable them to perform the essential functions of the position.

For additional information and to apply, Click Here

 

Posting Date: 
August 30, 2018