Posting Details

Position Information

Position Title
IT/Operations Auditor - Internal Compliance

Position Type
Regular

Job Number
SA81424

Full or Part Time
full-time 40 hours weekly

Fair Labor Standard Act Classification
Exempt

Anticipated Pay Range
$90,000 - $110,000

Pay Range Information

Chapman University is required to provide a reasonable estimate of the compensation range for this position. This range takes into account a variety of factors that are considered in making compensation decisions, including experience, skills, knowledge, abilities, education, licensure and certifications, and other business and organizational needs. Salary offers are determined based on the final candidate's qualifications and experience, as well as internal equity and other internal factors. The anticipated pay range is not a promise of a particular wage.

Position Summary Information

Job Description Summary

The IT Auditor supports the Internal Audit function by performing risk-based audits and assessments across both technology and operational areas, with an expected 50/50 split between IT/cybersecurity audits and operational audits. On the IT side, the role evaluates general IT controls (ITGCs), application controls, identity and access management, infrastructure and cloud environments, system development and change management, third-party/vendor controls, data protection practices, and the accuracy and reliability of dashboards and reporting used for decision-making.
On the operational side, the role participates in audits of University departments and processes to evaluate internal controls, compliance with policies and procedures, and opportunities to improve effectiveness and efficiency. The position develops clear, well-supported workpapers and reporting, communicates findings and practical recommendations, and tracks remediation to closure. As part of assigned audit engagements, the position may perform audits or assessments of AI-enabled tools and processes by evaluating governance and control practices (e.g., data protection, accuracy, access controls, and vendor oversight) and may assist the department in identifying responsible ways to use AI to improve efficiency and consistency across audit and compliance work. The position maintains independence, objectivity, integrity, and confidentiality consistent with Internal Audit standards.

Responsibilities

• Perform IT audits and assessments under the direction of Internal Audit leadership, including scoping, risk assessment, process documentation, control evaluation (design and operating effectiveness), and maintaining well-supported workpapers.
• Test IT general controls and application controls (e.g., access, change management, operations, backup/recovery) and use data analytics where appropriate to identify anomalies and trends.
• Validate dashboards and report data by tracing key metrics to source systems, assessing data definitions and transformation logic, and documenting results to support audit conclusions and stakeholder reporting.
• Communicate findings to stakeholders, develop practical recommendations, and track management action plans, timelines, and evidence of completion through remediation and closeout.
• Summarize risks, findings, and recommendations; maintain issue tracking and provide periodic status reporting on open remediation items.
• As part of assigned audits, review third-party assurance (e.g., SOC reports) and vendor security documentation and evaluate whether contractual control requirements are defined and monitored; communicate gaps and recommendations to management for remediation.
• As part of assigned audits, evaluate the design and operating effectiveness of cybersecurity governance and key controls (e.g., access management, configuration/change control, incident response readiness, and logging/monitoring) and communicate observations and recommendations to management.
• As part of assigned audits, evaluate governance and controls over the use of Artificial Intelligence (AI)-enabled tools and processes (e.g., data protection, access controls, vendor oversight, and monitoring/quality controls) and communicate control gaps and recommendations to management.
• Assist the department in responsibly leveraging AI-enabled tools (e.g., automation, analytics, and document review) to improve efficiency and consistency across internal audit and compliance workflows, consistent with applicable policies and data protection requirements.
• Support non-IT internal audits and special projects as assigned (e.g., operational, compliance, or financial control reviews), including documentation, testing, and issue follow-up.
• Collaborate with internal stakeholders and external auditors as assigned; provide status updates, coordinate requests for evidence, and support follow-up testing to validate remediation.

Required Qualifications

• Bachelor's degree from an accredited four-year college or university in Information Systems, Computer Science, Cybersecurity, Accounting, or a related field (or equivalent experience).
• 1-2 years of experience in IT audit, IT risk management, cybersecurity, technology controls, or a related area in a complex organization (higher education or similarly decentralized environment preferred).
• Operational audit experience is preferred; candidates without operational audit experience must be willing to learn and support operational audit engagements.
• Demonstrated knowledge of IT audit methodology, including planning/scoping, walkthroughs, control design and operating effectiveness testing, sampling, and evidence/workpaper standards.
• Knowledge of common technology control frameworks and standards (e.g., NIST, ISO 27001, COBIT, ITIL) and the ability to apply them to assess control maturity and risk.
• Strong written and verbal communication skills, including the ability to translate technical issues into clear risk statements, recommendations, and executive-ready reporting.
• Ability to analyze logs, configurations, and data sets to support audit testing

Desired Qualifications

• Experience auditing cloud environments, identity and access management, and/or reviewing SOC reports and vendor security assessments; familiarity with AI governance/controls and experience partnering with compliance functions in a higher education or similarly regulated environment preferred.
• CISA (Certified Information Systems Auditor) preferred; CISM, CISSP, or similar certification also valued. If not currently certified, willingness to pursue certification is desired.

Minimum Number of References

Maximum Number of References