As a member of the University Audits IT Audit team, the individual hired will be responsible for performing complex audits of all aspects of information technology. Information Technology audits provide objective verification of effectiveness and efficiency of processes, controls, and security of IT systems in all areas of the university. The audit process includes planning, risk assessment, internal controls analysis, documentation, writing of audit reports, and communications with audit clients. Audit tasks include gathering evidence, conducting interviews, understanding and documenting client processes, conducting audit testing, assessing evidence and test results, drawing conclusions, and documenting work performed. Deliverables include written reports that address mitigation of risk, efficiency, accountability, and improved compliance.
Candidates need to demonstrate expertise related to information systems auditing, including: understanding security and control risks in the areas of logical and physical security, access controls, change management, data security, recovery and continuity practices, and networking technology.
Candidates should possess proven experience collecting and analyzing complex data, evaluating information and systems, drawing logical conclusions, and working collaboratively. A working knowledge of information technology and security best practices, control frameworks, business process mapping, and risk and controls identification are required.
* Salary is commensurate with the experience and qualifications of the selected candidate.
A Bachelor’s degree in management information systems, accounting, computer science, or equivalent is needed. Relevant information technology experience and/or audit experience in a sophisticated information technology environment is necessary. Excellent written and verbal communications and strong interpersonal skills are required.
Candidates should understand the concepts of internal controls in an IT context and risk assessment. However, inquisitive individuals with strong IT technical skills who are willing to learn auditing, are also encouraged to apply.
This position requires a proven track record of organizational, time management, and leadership skills; including the ability to successfully manage multiple projects simultaneously. Ability to work effectively and collaboratively as a team member within a diverse work group and the wider university community is a must.
Diversity, equity, and inclusion is critical to the teaching, research and service missions of the university. Therefore, the University of Michigan and University Audits are committed to enhancing diversity, equity, and inclusion. This position requires commitment to diversity, equity, and inclusion.
Knowledge of the NIST cybersecurity framework
Knowledge of security tools, vulnerability scanning, and penetration testing
CISA, CIA, CISSP, or relevant SANS certification is a plus.
Job openings are posted for a minimum of seven calendar days. This job may be removed from posting boards and filled anytime after the minimum posting period has ended.
The University of Michigan is an equal opportunity/affirmative action employer.