IT Security Auditor Senior - 17740BR

IT Security Auditor Senior

Internal Audit
University of Kansas - Lawrence
Employee Class: U-Unclassified Professional Staff

Position Overview

The Senior IT Security Auditor will lead a variety of IT audits, risk assessments, and special projects focused on evaluating and determining the effectiveness, adequacy, and efficiency of internal controls surrounding University data and assets. This position requires knowledge of IT general controls, IT frameworks (i.e. COBIT 5), and standards (i.e. NIST), as well as the ability to assess financial, operational, and regulatory risks as they relate to the University's use of information technology. The incumbent will perform internal audits in accordance with the International Standards for the Professional Practice of Internal Auditing and will also be asked to perform operational and financial-related audits to help ensure the effectiveness of operations and compliance with relevant federal, state, and University policies and procedures. Decisions regarding the scope of work performed, nature of testing completed, and the reporting disposition of results may be delegated to this position with oversight by the Chief Audit Executive. The Senior IT Security Auditor must ensure all work performed focuses on adding value and/or strengthening controls/operations. May coordinate student interns and entry-level staff members.

Job Description

  • Independently and proactively plan and perform assigned audit engagements related to: information technology applications, infrastructure, general controls, security, confidentiality, integrity and availability of data, and the reliability of existing information system controls to determine that activities are in compliance with University policies and procedures, applicable regulations, and in line with applicable standards.
  • Create innovative approaches to issues as required by changes in university environment and administrative practices.
  • Create quality IT security and privacy audit recommendations based on the recognition of exposures, pertinent details and misaligned efforts or resources in the IT arena.
  • Work directly with the appropriate personnel within each client organization to identify corrective actions which mitigate risk, strengthen controls, improve operational efficiency and effectiveness and change policies to achieve university and department objectives.
  • Prepare written draft assessment reports which are persuasive and effectively summarize the objective and scope of each engagement including related assessment issues, recommendations and mitigation plans.
  • Provide timely briefing of the results of each engagement to appropriate University managers and operating personnel.
  • Independently and proactively plan and perform internal audit procedures for multiple engagements in an effective and efficient manner and in accordance with the International Standards for the Professional Practice of Internal Auditing.
  • Assign audit tasks to team members and provide appropriate training and supervision to ensure timely and accurate completion.
  • Deliver informative, clear, and concise presentations to Internal Audit leadership and University managers using Microsoft Office Suite and other related tools.
  • Assist the Chief Audit Executive and Internal Audit Director in developing and maintaining a pervasive risk analysis relative to the University's IT activities in the following areas: Planning & Organization; Acquisition & Implementation; Delivery & Support; Monitoring; and Security.
  • Communicate and maintain effective working relationships with the University’s information security and privacy offices.
  • Actively participate in internal audits and advisory projects that have an IT security component or involve compliance with IT-security related laws, regulations, policies, or procedures.
  • Exercise a high degree of discretion and independent judgment in planning, organizing, and executing assigned engagements within agreed time frames and in a manner consistent with applicable professional standards.
  • Obtain and analyze data on the systems, activities and controls being reviewed.
  • Apply independent judgment to ensure the evaluation is objective and reflects adequate understanding of the activity under assessment.
  • Research and apply knowledge of the following areas as required in assessing university activities: professional information technology assessment standards and skills with emphasis on information technology; applicable federal/state administrative laws and regulations; Board of Regents guidance; University policies, procedures, programs and systems; general management principles; and internal controls.
  • Prepare working papers to document the scope of review and to support assessment conclusions and mitigation plans.
  • Maintain the confidentiality of sensitive information.
  • Operate within approved time constraints while maintaining the accuracy, reliability, and thoroughness of information compiled and reported.
Specific Duties:
Under supervision of the Chief Audit Executive, implement appropriate audit methodologies and tests; conduct research on subject matters related to the audit; use relevant federal, state and University policies and procedures to assess compliance; recognize and document complex financial and business processes; conduct interviews and meetings with audit clients and stakeholders to elicit useful, relevant, and reliable information; collect and analyze both qualitative and quantitative data, extracting information that is significant to the project; document information and conclusions in an organized and useful manner; draft work summaries and audit reports assuring sufficient clarity and conciseness, grammatical and spelling accuracy. Use data analytical applications (IDEA or ACL) to perform internal audits or related work projects. Coordinate the ongoing and scheduled IT audit plan.

Required Qualifications

  1. Master’s degree in Accounting, Computer Science, or related field from an accredited college or university.
  2. Three years of experience assessing IT general and other internal controls in a university environment and performing internal audits in accordance with the International Standards for the Professional Practice of Internal Auditing.
  3. One year of experience using data analytical applications (IDEA or ACL) while performing internal audits or related work projects.
  4. Demonstrated ability with Microsoft Office Suite applications (including Excel, Word, and PowerPoint), and Microsoft Visio as articulated in application materials, interview and/or references.
  5. Currently licensed as a public accountant (CPA) and certified as an information systems auditor (CISA).
  6. Knowledge of complex enterprise systems and of IT, privacy, and other operational risks within a university environment as demonstrated through application materials and/or interview.

Additional Candidate Instructions

A complete application consists of the online application with:
  1. Resume or curriculum vitae
  2. Cover letter
  3. Three professional references

Contact Information to Applicants

Jarod Kastning

Advertised Salary Range


Application Review Begins


Anticipated Start Date

