The Department of Internal Audits seeks a Senior Information Technology Auditor who will perform these duties and responsibilities:
Serve as the lead in the development, implementation, and evaluation of information technology internal audits for assigned organizational areas and functional activities throughout The Johns Hopkins Institutions (Johns Hopkins University and Johns Hopkins Health Systems) in accordance with the Annual Audit Plan.
Audits may include: technical IT infrastructures, automated application controls, IT general controls, system pre-implementations, Advisory Reviews and teaming with operational auditors on projects.
Set clear expectations for audit team, coordinate assignments, monitor productivity, and ensure high quality output. Will serve as technical resource to other team members.
Performs assigned duties in accordance with the accepted professional standards requiring:
Independence and objectivity.
Knowledge of information technology principles and standards, proper administrative control procedures and good business practices, and
Ability to assess risk, relative to the proper application of controls.
Serve as a leader and a role model.
Promotes Department image through quality work, sharing knowledge and professional dealings and maintain confidentiality of information.
Specific Duties & Responsibilities:
Document current information technology practices through interviews, observation, investigation and testing.
Test systems (utilizing automated and/or traditional auditing methods) and analyze results of testing.
Identify through investigation and analysis, underlying causes and contributing factors to noted problems.
Identify and assess risks.
Identify appropriate solutions and formulates sound reasonable recommendations for management’s corrective action, using appropriate criteria and cost-benefit considerations.
Prepare formal written reports, expressing conclusion on the adequacy and effectiveness of the system and the efficiency with which activities are carried out.
Plan internal audits by gathering specific relevant background information (IT documentation, and policies and procedures) from the Institution’s information systems, web-based and other information sources.
Utilize organizational and regulatory knowledge to identify audit constraints and shape priorities.
Negotiate audit parameters with Director. If leading an audit, will ensure that all members understand their individual roles and responsibilities.
Design appropriate risk and control matrix and time budgets based upon interviews and evaluation of underlying financials and business risks.
Utilize advanced knowledge of Microsoft Office Suite and other business and audit-related software to conduct internal audit work as well as the extraction of relevant business data and its analysis using analytical software.
Thoroughly address all objectives and risks identified in audit planning and conclude on operational effectiveness and efficiency, considering industry best practices.
Prepare clear and concise working papers and other documentation supporting discussions, operational facts and results of testing to justify conclusions. When serving in a project lead role, will review all working papers related to the project.
Communicate recommendations to management through logical, clear and concise written and oral means to gain understanding and agreement on audit issues and commitment to implement corrective action.
Review internal controls on major systems development projects, serve as liaison between technical and non- technical personnel; and will participate on new system implementation and other committees when necessary, providing suggestions and feedback, reviewing and analyzing draft designed internal controls and operating processes prior to system implementation, testing the completeness of the transfer of data from the old to the new system, and post-implementation testing of controls, security, and transactions for adequacy and accuracy.
Perform follow-up internal audits to evaluate management’s implementation of Action Plans.
Monitor project status and issues on a timely basis and report progress and issues to project lead or Director timely and regularly.
Evaluate feedback from customers as well as lessons learned meetings and identify possible areas for improvement. Implement changes in future audits as needed.
Oversee the activities of Information Technology Auditors to ensure effective utilization in completing assigned projects.
Provide day-to-day support of Internal Auditors as needed (create open lines of communication, provide regulatory updates, advise on difficult situations, etc.).
Participate in personnel development training and performance evaluation programs. May provide oral feedback to staff assigned or to the director for inclusion in staff performance or project evaluation.
Interact appropriately with all levels of personnel, building good working relationships, and establishing a network of organizational contacts.
Able to work independently and with varying levels of management.
Manage multiple projects or single projects in complex environments. Manage competing priorities.
Assist other Auditors as appropriate and necessary to execute assigned projects.
Consider multiple approaches and develop solutions to problems.
Demonstrate projectmanagement and time management skills.
Address dificult and sensitive issues in a timely and effective manner.
May be responsible for more complex audits than those handled by Internal Auditors (act as lead on a multi-entity audit requiring coordination of several other auditors, implement a new audit with no available history or background, responsible for high visibility/high priority audits, etc.). May also have a higher volume of audits.
Provide occasional IT support to operational auditors and support staff.
Demonstrate a thorough understanding of Healthcare and/or Higher Education industry. Monitor changes in the industry and be able to understand the impact to own work.
Scope of Responsibility:
Knows the formal and informal departmental goals, standards, policies and procedures that may include some familiarity of other departments within the JH Institution. Is sensitive to the interrelationship of both people and functions throughout the organization. Responsible for own professional development and contributes to the development of others.
On a regular and continuous basis, exercises administrative judgment and assumes responsibility for decisions, consequences and results having an impact on people, costs and/or quality of service within the functional area.
In accordance with Department policy, can make all decisions necessary to carry out assigned projects and related internal audit and work programs to meet the audit objectives. May direct the activities of staff or a function and /or represent the function at meetings.
Uses proper oral, written and interpersonal communication skills. Exchanges information using tact and persuasion, as appropriate. Effectively shares relevant information with assigned team and fosters dialogue as necessary.
Minimum Qualifications (Mandatory):
Bachelor’s degree in Management Information Systems, Computer Engineering, Computer Science, Accounting or related discipline.
Minimum of five years of IT audit (external or internal) experience.
May consider candidates with other audit experience.
Six plus years of IT experience preferred.
Professional certification or progress toward certification (Certified Information Systems Auditor (CISA).
Certified Information Security Manager (CISM).
Certified Information Systems Security Professional (CISSP).
To protect Johns Hopkins institutional resources by:
Identifying and evaluating risks within business processes
Assessing and testing internal controls for effectiveness
Investigating suspected misuse of resources
Validating management corrective actions
Communicating results to trustees, senior leaders, and other impacted stakeholders, and
Developing an engaged and talented staff through the use of a systematic approach, innovative techniques and comprehensive tools.
For the benefit of Johns Hopkins Institutions, OHIA will:
Be a catalyst in improving the internal control environment through raising awareness and providing assurance
Develop creative audit approaches in response to change
Be viewed as a leader in Higher Education and Healthcare internal auditing
Integrity – Ethical standards are the foundation of integrity
We are truthful, trustworthy and fair in all of our efforts.
We hold ourselves and each other to the highest standards of professionalism, confidentially, and ethical conduct.
Excellence – The foundation to achieving excellence is maintaining our objectivity
Competence – We utilize our collective... experience and talents to provide high quality internal audit services, aimed at increasing accountability across the organization. We seek to use best practices found within and outside of the organization in performing audits and investigations.
Continuous Improvement – We continually seek out better and more effective ways to do our work.
Personal Development – We emphasize personal development to help us achieve excellence.
Respect – The foundation of building and maintaining relationships lies in the respect we show to one another
Work/Life Balance – We respect balance in each other’s lives.
Recognition – We honor and acknowledge each individual’s contribution to our efforts.
Diversity and Inclusion – We appreciate each other’s differences and value the unique strengths that each person contributes.
Collaboration – Collaboration is evidenced by communication, problem solving, and conflict resolution through bringing together knowledge, experience, ideas and skills to achieve a common goal
We foster teamwork while maintaining individual accountability.
We value client input in scope of audit projects as well as in written reports.
We value sustainable relationships with our clients.