Under limited supervision, plans and conducts Information Technology (IT) audits and activities of the agency for the Office of Internal Audits. Analyzes and assesses the agency’s technology infrastructure to ensure processes and systems run accurately and efficiently, while remaining secure and meeting compliance regulations. Identifies risks and evaluates internal controls in information system environments. Assists the Internal Audit Director in developing and managing IT Continuous Auditing Programs.
Plans and analyzes IT systems leveraging COBIT, COSO, ISO, ITIL, NIST, and other relevant frameworks, regulations, and guidelines. Performs test of design and operating effectiveness over IT general controls. Reviews the selection and implementation of IT technical controls. Validates baseline security configurations for operating systems, applications, networking, and telecommunications equipment.
Prepares working papers and reports to support recommendations and conclusions with related IT standards. Develops, builds, and implements tools to analyze data to improve audit efficiency and effectiveness, including risk assessments. Provides analytics to be used to incorporate best practices in continuous auditing. Performs risk assessments (e.g., data security, IT Governance, disaster recovery) and provides IT input to the Internal Audit Director in development of the Annual Five Year Audit Plan to improve IT compliance and effectiveness of DHEC's information systems environment. Follows up on recommendations made by external auditors or outsourced firms on IT external audit reports; as well as recommendations made from IT internal audit reports. Utilizes data analytics software to assist OIA with auditing, consulting, and special reviews. Performs data extractions, analytical testing and security reviews utilizing Audit Command Language (ACL) and other analytical tools. Provides IT technical support for the Office of Internal Audits (e.g., hardware, software, ACL, etc.).
Minimum and Additional Requirements
A bachelor's degree in computer science, information technology, accounting business administration, or finance or a related field. At least five (5) years of professional experience in IT auditing, accounting and/or auditing. Designation as a Certified Information System Auditor (CISA), Certified Public Accountant (CPA) or a Certified Internal Auditor (CIA) is required.
Extensive knowledge of the practices, principles and theories of accounting, auditing, and management. Also, knowledge of the frameworks and standards for information systems auditing (i.e., COBIT, COSO, ISO, ITIL or NIST), as well as Generally Accepted Government Auditing Standards (GAGAS), and/or Generally Accepted Accounting Principles (GAAP). Working knowledge of computer systems and software programs to include Word, Excel, and Windows. Working knowledge of ACL or other auditing software and the ability to analyze and interpret complex accounting, financial, and information system data. Ability to communicate both orally and in writing. Strong computer and organizational skills required. Must be able to change focus and easily move from one project to the next as priorities constantly change. Confidentiality is required. Valid SC driver's license is required. May require some day trips and overnight travel throughout SC. Applicants indicating college credit or degree(s) on the application may upload an unofficial copy of the transcript as an attachment to the application. Please note that the agency will require an official, certified copy of the transcript or diploma prior to hiring.