Complete Description:
**local candidates strongly preferred
**initial phone interview will be followed by a personal interview. Candidate must be willing and able to come to Richmond, VA for the personal interview
**All candidates must be legally eligible to be hired as a state employee
IT Auditor
Years of Experience:
4-6 years
Audits information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy and security.
Job Description:
Performing information security audits of sensitive IT systems for compliance with COV ITRM IT Security Policy SEC500-02 and ITRM IT Security Standard SEC501-07. Audits will be conducted in accordance with the IT Security Audit Standard SEC502-02.1.
Performing all phases of an audit from the planning, developing the audit program, preparing audit work papers, creating draft reports, to presenting audit findings to management and staff.
Performing other audit work that may include IT, financial and compliance audits
Preparing accurate, logical and well-referenced work papers using an audit software program (Teammate) to properly document audit procedures and results
Serving as a resource to SCC staff for internal controls and information security controls on systems
Writing clear, organized audit reports
Reviewing new systems to ensure that security and internal controls are implemented
Fundamental requirements:
Qualified person to conduct IT security audits of sensitive IT systems for compliance with Commonwealth of Virginia Information Security Standards
5 or more years of recent IT audit experience, with emphasis in conducting security audits in the areas of risk management, contingency planning, system security, data protection, IT facilities security, personnel security, threat management, and IT asset management
Ability to conduct IT security audits from planning through reporting phases with general supervisory guidance
Working knowledge of the Commonwealth of Virginia Information Security Policies and Standards
Knowledge, understanding, and experience with COBIT framework
Familiarity with pertinent industry information technology guidelines and standards (NIST, ISO, SOX, COSO)
Current certifications such as CPA, CIA, CISA or CISSP
Familiarity with an audit software program such as Teammate
Exceptional verbal and written communication skills; able to write clear, organized audit reports and communicate audit findings
Ability to establish good working relationships with SCC staff
Legally eligible to be hired as a state employee
Graduate of an accredited college or university in accounting, auditing or information systems
Skills:
Recent IT audit experience, with emphasis in conducting security audits in the areas of risk management, contingency planning, system security
Required 5 Years
Ability to conduct IT security audits from planning through reporting phases with general supervisory guidance
Required 5 Years
Working knowledge of the Commonwealth of Virginia Information Security Policies and Standards
Highly desired
Knowledge, understanding, and experience with COBIT framework
Required 2 Years
Certifications as CPA or CIA or CISA or CISSP
Required
Familiarity with an audit software program such as Teammate
Required 5 Years
Graduate of an accredited college or university in accounting, auditing or information systems
Required
Questions:
Which of the above-named certifications does your candidate possess?