This is a management position reporting to the Director of Internal Audit and exercising independent judgment, as delegated, in the fulfillment of duties and responsibilities assigned. The incumbent is directly responsible for the information technology audit function and plans audits of the Office of Systems and Information Services. The position is responsible for developing specific audit steps and independently conducting fieldwork at the Research Foundation. The candidate identifies and documents deficiencies during the course of an audit and recommends corrective actions. The incumbent maintains exemplary standards of professional ethics and participates in activities that keep him/her current in the field of information technology auditing. The incumbent supports the work of other RF units by communicating effectively with staff involved in related projects, by being of assistance to others, and by participating in team-based projects as assigned.
DUTIES & RESPONSIBILITIES include, but are not limited to:
Reviews logical security and determines if appropriate access to computer resources is granted to employees of the Research Foundation.
Reviews computer operations.
Evaluates risks and internal controls related to specific computer applications.
Evaluates effectiveness of network system security to detect intrusions, viruses and other significant security events. Determines that security events are captured and properly monitored.
Evaluates and monitors system development to determine if changes are properly approved, documented, and tested.
Reviews and assists in the development of procedures for the Office of Systems and Information Services.
Prepares audit programs to plan and execute IT audits of controls over the Research Foundation’s computerized systems.
Evaluates data retention procedures to ensure controls are in place to provide reasonable assurance that back-ups are performed regularly and back-up media are appropriately protected.
Drafts written audit reports of findings and recommendations for corrective actions.
Assists in special projects and confidential investigations as assigned.
Other duties as assigned.
Minimum of Bachelors degree in Accounting, Information Systems/Computer Science, or related field.
Experience in the field of information technology auditing required.
A professional certificate such as a CISA, CIA, or CPA is a plus.
Good oral and written communication skills.
Good analytical and organizational skills.
Ability to work independently or part of a team.
Ability to work with diverse groups.
Knowledge of computer software applications (spreadsheets, word-processing, and power point).
The Research Foundation of the City University of New York (RFCUNY) is a private, not-for-profit educational corporation that administers grants and contracts for sponsored research programs at the City University of New York's 23 colleges and professional schools. (In 2008 awards totaled more than $344 million.) The organization focuses on supporting research in such areas as natural and social s...ciences, program evaluation, software development, and training and job placement. Through GrantsPlus, the foundation provides grant administration services for other schools, membership organizations, and other not-for-profits. RFCUNY was chartered by New York State in 1963.