Client manages multiple data systems and a complex networkinfrastructure that supports a broad base of service objectives. The Internal Audit Administration (IAA) IT Audit Unit is established to audit the effectiveness of the IT Control Environment within DES, with a broadly-conceived risk assessment to incorporate IT procurement, IT security, IT project management, and similar concepts.
The Senior Information Security Analyst reports directly to the Chief Audit Executive and completes all IT Audits carried out by IAA. This position is responsible for ensuring planned IT audits are conducted in accordance with the DES Annual Internal Audit Plan and ensures the quality of IAA IT Audits by participating in all phases of planned IT audits (including planning, fieldwork, and reporting). The Sr. Information Security Analyst completes IT audit work and audit monitoring activities ensuring that audit work meets or exceeds the highest standards of quality based on Government and applicable IT Auditing standards. undertaken by other teams within IAA.
* Carries out all planned and requested IT Audits for DES; directly participates in all IT Audit engagements (planning, fieldwork, and reporting stages); and has responsibility for completing and/or reviewing all working papers, written reports, and communications to ensure facts and conclusions are supported by sufficient and appropriate evidence, and comply with applicable auditing standards.
* Assists with the completion of IT-related audit work and audit monitoring activities undertaken by other teams within IAA.
* Assists the Chief Audit Executive with developing innovative strategies, designing metrics, and reporting to ensure the IT Audit Unit demonstrates a high degree of value for DES stakeholders.
* Internal and external IT auditing concepts, techniques, methods, and procedures;
* Internal control frameworks, including COBIT, ITIL, ISO, NIST, IRS Publication 1075, and similar publications, as well as general control frameworks offered by the Government Accountability Office (GAO), Institute of Internal Auditors (IIA), Committee of Sponsoring Organizations (COSO)
* Auditing Standards, including the GAO Generally Accepted Government Auditing Standards ("Yellow Book") and the IIA International Standards for the Professional Practice of Internal Auditing ("Red Book");
* Understanding and applying technical IT Auditing methods, including data mining and advanced analysis using software tools such as MS Access, Excel, SPSS, ACL, and similar tools
* Writing clear and concise work papers, emails, and reports
* Presenting technical findings to non-technical personnel in a manner that is easy to understand
* Time management
* Interpret and apply Federal, State, and local laws, rules, and regulations, and Department policy and procedure
* Plan and assist in IT audits across a broad range of topics in a large, complex operating and organizational environment
* Make sound decisions based on available data and recommend appropriate courses of action
* Communicate effectively and accurately, both orally and in writing
* Bachelor's or Master's degree from an accredited institution in MIS, Information Technology, Computer Science, or a related business field (accounting, Finance, or Business Administration coupled with significant IT Auditing experience)
* 5-7 years of IT Auditing experience
* 1-3 years of IT Auditing senior or supervisory experience.
* Current Certified Information Systems Auditor (CISA).