IT Auditor/Sr. IT Auditor

Job Summary

The Texas State University System (TSUS) invites applications for an Information Technology (IT) Auditor position within the Office of Internal Audit to primarily serve Lamar University, Lamar Institute of Technology, Lamar State College Orange, Lamar State College Port Arthur, and Sul Ross State University. These campuses are member institutions of The Texas State University System, the oldest multi-campus system in Texas. The position reports to the System Director, Office of Internal Audit, who in turn reports to the Chief Audit Executive of the TSUS. Consideration for remote work will be given depending upon the applicant’s qualifications and work experience. For more information on the Office of Internal Audit, see https://www.tsus.edu/offices/Internal-Audit.html.

EXPERIENCE LEVELS:
IT Auditor – Experience in IT risk-based auditing that conforms to professional standards and has demonstrated the ability to provide relevant and timely audit results.

Senior IT Auditor – Extensive experience in IT risk-based auditing that conforms to professional standards, demonstrated experience in completing complex reviews, and ability to relay a depth of knowledge in contemporary IT auditing techniques.

Seniority (IT Auditor/Senior Auditor IT) will be established based on relevant experience and other factors.

Essential Job Functions

• Plans and performs IT audits to:
  
  • Assess whether internal controls over information resources and related technology are adequate to ensure that confidential data (student, academic, financial, and operational) is protected from unauthorized use, access, or manipulation.
  • Determine whether the information technology infrastructure is adequately protected from intentional or unintentional access, loss, damage, or destruction.
  • Determine whether the governance, risk management, and control processes over information resources and related technology facilitate the production of reliable financial, academic, and operating information.
  • Identify the effective extent to which information resources and related technology can be recovered in support of the continuity of operations in the event of a business disruption.
  • Measure the level of compliance involving information resources and associated technology with TAC 202, FISMA, NIST, FERPA, HIPAA, PCI, and other applicable state and federal requirements, industry standards, and best practices.
• Identifies risks, develops recommendations to mitigate risks, prepares organized, accurate and competent work papers that clearly document and support conclusions regarding audit objectives, and facilitates the communication of audit results through preparing written draft reports and making oral presentations to management.
• Stays updated on industry and technology changes and their impact on IT risks.
• Performs special projects and consulting activities as needed.
• Engages in frequent contact with other Office of Internal Audit personnel, University personnel, TSUS personnel, and personnel at other state agencies.
• Performs other related duties as assigned.
• Working Conditions: Normal office environment; some travel, up to 20%, with overnight stays (training, conferences, audit activities, “immediate need” special projects, etc.), can be expected for the position.

Minimum and Desired Qualifications

Required Qualifications:

• Bachelor's degree with a major in management information systems, computer science, accounting, or related financial or information technology discipline with two (2) years of IT audit experience or bachelor’s degree in another field with four (4) years of audit experience in information technology/systems or management information systems may be substituted.
• Holds at least one of the following professional certifications: Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), or Certified Public Accountant (CPA).
  
  OR
  
• Advanced degree in information systems, accounting, or related disciplines with a minimum of ten (10) years of IT auditing experience or related industry experience.
• Must meet eligibility requirements to sit for the CISA, CIA, or CPA exam and earn certification within two years of hire date.

• Strong analytical, organizational, and written/verbal communication skills.
• Proven ability to cultivate strong working relationships with management and operational leaders to understand business processes, identify risk areas, and collaboratively develop practical, value added recommendations while maintaining independence and professional skepticism.
• Ability to converse with IT personnel and communicate technical information to non-technical audiences.
• Strong project management skills
• Proficiency with the Microsoft Office productivity suite.
• Proven ability to work independently and as part of a team.
• Working understanding of fundamental information technology control concepts.
• Ability to learn and assimilate new information systems and applications quickly.
• Solid employment and/or academic performance history.

• Experience auditing information technology, cybersecurity, cloud technologies, identity and access management, and Artificial Intelligence technologies in higher education or in Texas state government.
• Versed in the application of professional auditing standards.
• Familiarity and experience in using TeamMate+ or similar electronic work paper system.
• Working knowledge of Texas statutory requirements applicable to public universities, such as Texas Administration Code (TAC) 202.70 - 202.76, Texas Business and Commerce Code 521, Texas Government Code 2054, DIR Security Control Standards Catalog and DIR Cybersecurity Framework.
• Working knowledge of NIST 800.53r5 Information Technology Controls and NIST Cybersecurity Framework (SCF) 2.0.
• Ability to interpret information technology, cybersecurity, and emerging technology regulations and apply to agency systems.
• Experience in application control audits and a familiarity and understanding of management information systems in multiple environments, i.e., on premises, cloud applications, or Software-as-a-Service (SaaS).
• Working knowledge of Active Directory and other Identity Management applications.
• Experience with Ellucian Banner ERP in on-premises, cloud, and/or SaaS environments.
• Experience in evaluating multiple server operating systems (Windows and Linux environments).
• Experience in network management controls encompassing both wired and wireless environments, including all associated devices (firewalls, routers, switches, etc.).
• Familiarity with various network management monitoring applications.
• Exposure to computer forensics and analysis.
• Experience using data analysis software (ACL, IDEA, TeamMate Analytics, etc.).
• Familiar with relational and non-relational database administration.
• Experience with Oracle, PostgreSQL, and/or MS SQL.
• Experience reading SQL scripts used to extract data.
• Experience in developing reports for data extracts and continuous monitoring.
• Familiarity with controls over website development and content management systems.
• Other relevant industry experience.

Supplemental Information

SALARY AND BENEFITS:
Maximum salary for the position is $119,000 and is commensurate with the successful applicant’s experience and qualifications. Customary and usual state employee benefits apply, including but not necessarily limited to retirement (TRS), health insurance (ERS), holidays, vacation leave, and sick leave.

SENSITIVE SECURITY STATEMENT:
This position is security-sensitive and thereby subject to the provisions of the Texas Education Code §51.215, which authorizes the employer to obtain criminal history record information.

INFORMATION ABOUT THE TEXAS STATE UNIVERSITY SYSTEM, LAMAR COMPONENTS, AND SUL ROSS STATE UNIVERSITY

To learn more about The Texas State University System, the Lamar Components, or Sul Ross State University, please visit:

http://www.tsus.edu
http://www.lamar.edu
http://www.lit.edu
http://www.lsco.edu
http://www.lamarpa.edu
https://www.sulross.edu

SELECTION PROCESS:
To be considered for the position, applicants must submit a cover letter and resume that includes complete employment and education history and professional certifications held. The cover letter and resume may be submitted via U.S. Mail or email to:

Ms. Ramona Stricklan, CIA, CFE
System Director – Office of Internal Audit
Texas State University System
601 Colorado Street
Austin, TX 78701-2904

ramona.stricklan@tsus.edu

ADDITIONAL INFORMATION FOR APPLICANTS:

• The Texas State University System is a tobacco-free/drug free workplace.
• A criminal history background check is required for finalist(s) under consideration for this position.
• The Texas State University System is an “at will” employer.
• If hired, you will be required to complete the federal Employment Eligibility Verification form, I-9. You will be required to present acceptable, original documents to prove your identity and authorization to work in the United States. Information from the documents will be submitted to the federal E-Verify system for verification.

Lamar University is An Equal Opportunity Employer

Lamar University is proud to provide employment preference to veteran applicants in accordance with Texas 805 Government Code, Section 657.003.

This position is security-sensitive and thereby subject to the provisions of the Texas Education Code §51.215, which authorizes the employer to obtain criminal history record information.