Come join the University of Minnesota’s widely respected Office of Internal Audit (OIA) as the Information Technology (IT) Audit Director! In this role, you will help improve IT systems' security and operations across the University system.

As the IT Audit Director, you’ll be responsible for designing the University’s IT audit work plans and managing audit work, which is designed to evaluate the effectiveness and efficiency of the University’s network of risk management, control, and governance processes over information technology and security. The University’s technology portfolio is vast, with thousands of technologies that include cloud-based applications, in-house infrastructure and data centers, and cutting-edge supercomputers and research systems. IT audit work addresses all technology related activities occurring in the University system.
In this position, you will help develop the annual audit plan and manage audit staff in the completion of projects in alignment with this plan, making decisions on budget, schedule, and staffing in consultation with the Chief Auditor.

Essential Responsibilities:           
1. (~50%) Coordinating and managing the use of audit resources to provide appropriate audit coverage primarily of IT operations, security, and activities. Tasks include:

• Creating high-level plans for individual audits, which include information about the intended scope of work and anticipated business practices of the operations under review.
• Managing the communication of plans and results of individual audit projects to senior leaders.
• Reviewing the planning materials developed by projects’ lead auditors to ensure there has been a comprehensive and appropriate assessment of risk and the deployment of planned audit resources is reasonable.
• Overseeing the management of individual audit projects and the IT audit portion of audit projects that are not exclusively focused on IT risks, activities, and operations.
• Reviewing the audit work product to ensure it fulfills the objectives of the project.
• Ensuring that quality and continuous improvement are integral components of the University’s control processes.
• Verifying that significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.
• Editing the audit reports to ensure they reflect appropriate audit judgment regarding the issues noted and the conclusions drawn, evaluating the significance of audit findings, and ensuring recommendations made are cost effective and adequately address risks.

2. (~20%) Respond to requests from senior University management for audits/advisory services of functions, units, or activities. Establish and maintain relationships with University leaders responsible for defining and executing institutional IT strategies and plans. Tasks include:

• Serving on University-wide committees and oversight groups and providing internal audit perspective related to controls, business process changes, and compliance activities.
• Managing the planning, oversight, and completion of special projects.
• Developing a working relationship with University management so that they continue to view Internal Audit as a valuable resource.
• Providing consulting and advisory services to University leaders, including when major systems are being replaced or upgraded, emerging technology is affecting or expected to affect University operations, and when material changes to IT strategies and standards are being considered.
• Periodically providing IT leaders with summary assessments on the adequacy and effectiveness of the University’s IT controls.

3. (~10%) Develop the department’s IT audit strategy and annual IT audit plans. Tasks include:

• Keeping the Chief Auditor informed of significant changes to IT strategies, standards, and practices, as well as the University’s use of emerging technology. This will include how changes impact the University’s risk profile and ability to accomplish its mission/goals.
• Meeting with University senior management to obtain updates on significant changes to collegiate and institutional strategies, standards, practices, and other activities related to IT and security that may impact the University’s risk profile and the ability to accomplish its mission/goals. 
• Developing an annual IT audit plan that uses both dedicated IT auditors and non-IT auditors in a risk-based approach that allows for regular and comprehensive audit coverage of University IT processes, units, and key systems. 
• Refining and updating the department’s audit IT risk model, which is used to create the annual audit plan.

4. (~10%) Manage and occasionally lead individual audit projects that are investigative in nature. Tasks include:

• Gathering University data and other information that may be confidential and/or sensitive in nature.
• Interviewing subjects and/or targets of an investigation to gather additional information needed.
• Working with legal counsel, law enforcement, regulatory agencies, and other parties to communicate the results of the investigation.
• Communicating results to those reporting allegations and concerns to the extent allowable by law.

5. (~10%) Perform management duties and activities necessary to fulfill the needs of the office and function. Tasks include:
• Performing performance reviews of IT audit specialists.
• Coaching all staff who are or will be performing IT audit work.
• Keeping audit staff informed of material changes to University IT strategies and standards, including the implications of emerging technology on traditional control processes.
• Making staffing decisions for IT audit positions in consultation with the Chief Auditor.

Other Responsibilities:

• Conduct follow-up work to determine the status of prior recommendations made to management.
• Complete training and other activities to maintain and enhance professional skills and abilities.

Working at the University
At the University of Minnesota, you’ll find a flexible work environment and supportive colleagues who are interested in lifelong learning. We prioritize work-life balance, allowing you to invest not only in the future of your career but also in your life outside of work.

The University also offers a comprehensive benefits package that includes:
• Competitive wages, paid holidays, vacation and sick leave
• Opportunities for career growth and promotion
• Continuous learning opportunities through professional training and degree-seeking programs supported by the Regents Scholarship
• Low-cost medical, dental, and pharmacy plans
• Healthcare and dependent daycare flexible spending accounts
• University HSA contributions
• Excellent retirement plans with employer match
• Disability and employer-paid life insurance
• Wellbeing program for reduced insurance premiums
• Student loan forgiveness opportunity
• Financial counseling services
• Employee Assistance Program with eight sessions of counseling at no cost

For more information regarding benefits, please visit the Office of Human Resources website. 
 

Required Qualifications:
• Ten or more years of information technology (IT) audit experience, or combination of audit and IT operational experience
• Staff management experience
• Professional certification (e.g., CISA, CPA, CIA, CFE) and/or an advanced degree, with a CISA particularly desired
• Proficiency in evaluating IT risk and managing IT audit activities in a manner that conforms to the Institute of Internal Auditor’s professional standards
• Knowledge of IT systems and system security audit principles and techniques
• Effective interpersonal and relationship building and collaboration skills
• Good analytical skills with high attention to detail and accuracy 
• Demonstrated commitment to valuing diversity and contributing to an inclusive work and learning environment 
• A bachelor’s degree, with a major in technology, technology management, computer science, accounting, finance, management, or similar business emphasis preferred 

Preferred Qualifications:
• Experience working in higher education or other large, diversified, decentralized, highly regulated, and multi-unit organization
• A working knowledge of the University of Minnesota: its business processes; policies and procedures; governance practices; and regulatory obligations
• Experience with ERP systems’ (e.g., PeopleSoft) financial, human resource, and student components
• Advanced knowledge of the use of data analytics and how it can be applied to audits
• Extensive knowledge of and experience performing IT and information security risk assessments (e.g., performing server and database configuration reviews)
• Experience managing IT operations and/or implementing new systems