Overview
From $81,705 to $103,350 Annually
800 North Pearl Street
Menands, NY 12204
Qualifications
No exam required under the New York Hiring for Emergency Limited Placement Statewide (NY HELPS) Program.
- A bachelor’s degree in Computer Information Systems, Computer Science, Computer Programming, Software Development, Computer Networking, Cybersecurity, Information Security, Information Systems, Information Technology.
- Three years of IT auditing experience gained in any one or combination of the following:
- Responsibility for performing IT-related audits and examinations to determine the compliance of agencies, authorities, municipalities, and schools, including reviews of physical and logical access controls, general IT controls, and application controls, and the writing and presentation of findings reports of technical issues to a non-technical audience.
—OR—
- An associate degree and five (5) years of IT auditing experience.
—OR—
- Responsibility for the analysis and evaluation of information systems, such as platforms, applications, network infrastructure, and/or IT-related operational practices and the writing and presentation of reports of findings suitable for non-technical audience.
—OR—
- Responsibility for supporting an audit group, such as designing, developing/programming, maintaining technological solutions in support of audit activity, and evaluating and developing artificial intelligence programs in support of audit activity.
Education Substitution
- A master’s degree may be substituted for an additional one year of IT audit experience (i.e., up to five years of experience).
Preferred Qualifying Degrees
- A bachelor’s degree in:
- Information Systems
- Computer Science
- Information Technology
- Cybersecurity
Duties
Under the direction of the Information Systems Auditor 2 (SG-27), the Information Systems Auditor 1 (SG-23) is responsible for providing independent and objective appraisals of the IT environment and applications of OSC. OIA-IT plays a key role in examining and evaluating the adequacy and effectiveness of the Comptroller’s Office system of internal control including related external service providers, and the quality of performance in carrying out assigned responsibilities, as well as providing IT control advisory services, but not limited to the following:
- Supervise activities related to the audit engagement.
- Prepare for, and participate in, audit-related meetings, including the Scoping, Opening and Closing conferences.
- Utilize automated workpaper software to document IT audit plans, risk/control matrices, IT audit programs, sampling plans, potential observations, and draft IT audit reports.
- Document the detailed design of the area (function/unit) under audit via flowcharts and narratives.
- Discuss the design of the function under audit with relevant OSC management to ensure it accurately captures the detailed process under audit as well as the key risks (to achieving the unit’s objectives) and related key controls.
- Assess the adequacy of the design of controls, identifying control weaknesses and other areas for improvement and developing recommendations for control improvement.
- Conduct detailed testing to determine the level of compliance with the design of the key IT control policies and procedures.
- Ensure that the IT audit work performed, and supporting documentation, complies with professional auditing standards and adequately supports any conclusions reached.
- Identify, with unit management’s input, insightful recommendations for improving the function under audit.
- Prepare the initial draft of the proposed IT audit report for Internal Audit management.
- Research audit and IT related products and/or services.
- Remain current on IT industry trends and practices concerning IT infrastructure, new equipment and software, and any related vulnerabilities and issues that may impact OSC’s IT internal control systems.
- Remain current on any changes to professional audit and IT standards.
Skills, Knowledge & Abilities
- Comprehensive IT experience.
- Strong analytical skills.
- Working knowledge of internal controls.
- Security conscious.
- Ability to be objective and respect confidentiality.
- Ability to research IT products, IT industry changes, and industry-known vulnerabilities.
- Knowledge of industry standards/frameworks such as, International Professional Practices Framework (IPPF), Center for Internet Security (CIS) critical security controls, Standards for Internal Control in New York State Government, and National Institute of Standards and Technology (NIST).
- Strong verbal communication and interviewing skills.
- Strong written communication and documentation skills, i.e., ability to prepare workpapers, document meetings, document audit findings, and prepare draft reports.
Cover Letter, Resume & Template
Reference Item #151179-NY HELPS- Info Sys Auditor 1 (Albany) on your cover letter for proper routing.
Be sure to submit an unofficial copy of any transcripts you may have with your cover letter, resume as there are educational requirements for this position, as well as this completed template. To access the required template, download, complete, and submit below. Interview selection is based solely on the information provided.