Reporting to the Director of IT Audit within Internal Audit, the Associate Director IT Audit performs the most complex technical and compliance audits, analytics, and certain investigations (i.e. projects) of the University and is jointly responsible for designing, scheduling and reporting quality control reviews of audit, analytics, and investigation projects conducted by the department and will maintain all organizational and professional ethical standards.
Specific responsibilities of the Associate Director IT Audit include, but are not limited to:
Coordinate annual audit schedule and related kick-off communications, meetings and support presentations.
Prepare annual internal audit (IT) risk assessment support packages, manage risk assessment meeting minutes, and perform results mapping to established Internal Audit Universe and Risk Assessment, and to University ERM (Enterprise Risk Management).
Design (jointly with peer Financial and operations auditors) a quality assurance schedule and perform quality control reviews and related results reporting and remediation notifications for audit, analytic, and investigation projects conducted by the department.
Play a strategic role in developing the Internal Audit Continuous Controls Monitoring and Analytics program.
Plan, design, lead and or deliver end-to-end technology projects (audits, analytics, investigations, and special projects) in accordance with department or other standards as set forth by the IIA, ISACA, ACFE and other relevant professional bodies and within budgeted timelines.
Design communications templates for audit, analytic, and investigation projects, including but not limited to announcements, objectives, research activities, work programs/plans; risk assessment/risk control matrices (where applicable), conceptual process flows (where applicable), questionnaires (where applicable), and resource/time budgets.
Understand and act in alignment with the relationship to overall Columbia University environment (including industries of Healthcare, Academic Medicine and Research).
Oversee and direct the ac??tivities of staff, including reviewing and approving work, writing reports, and coaching/guiding staff on stakeholder interview, walk-through and testing techniques.
Lead audit issue presentation and communications with assigned project team, Internal Audit leadership and/or stakeholders and prepare related documentation and presentations that adequately explain key decisions, proposed findings, support and recommendations.
Determine, assess and conclude on design effectiveness and operating adequacy of controls in place.
Determine, assess and conclude on predications and allegations.
Lead cross-functional discussions on existing process and control enhancement opportunities and provide related guidance on risk, control, fraud prevention and process options.
Independently interact with SBO, Senior Management, IT Leadership Committee members, External Auditors and Regulators and, coordinate and collaborate with the offices of Compliance, Security, Legal Counsel and others where necessary.
Collaborate with Financial / Operations Auditors to identify and ensure coverage of touch points among projects occurring within other audit teams.
Manage multiple assignments, multi-task and track and report progress against project plans and budgets to Audit Management.
Review or prepare distributable quality draft reports for assigned projects (audit, analytics, investigations/internal controls), including proposed findings and recommendations.
Facilitate/Manage follow-up activities and related reporting for projects, including but not limited to audit issue tracking, analytics monitoring, and investigation closeouts.
Proactively keep the Audit Directors and AVP informed of the progress of projects.
Other duties and special projects as assigned.
Bachelor's degree in computer science, information systems, technology audit, MIS or related disciplines plus a minimum of 7 years of related experience required.
Must hold, or obtain within 12 months of hire, Certified Information Systems Auditor designation.
Minimum of seven years of related experience is required, including at least four years in managerial roles for technology operations, information security, IT auditing, or IT consulting.
CPA, CIA, and CFE a plus.
Knowledge of Peoplesoft, JCL, DB/2, HTML, Java, Windows, Oracle, ACL or other CAAT is strongly desired.
Strong knowledge of the Information Systems Audit and Control Association (ISACA) professional standards, NIST/ISO/ITIL/COBIT IT risk and controls frameworks, and International Standards for the Professional Practice of Internal Auditing and Code of Ethics developed by the Institute of Internal Auditors (IIA).
Demonstrated experience and expertise in the risks, controls, terminology, concepts and practices inherent in an information systems environment, including networks, infrastructure, and applications.
Knowledge of industry program policies, procedures, regulations, and laws.
Demonstrated success, within Internal Audit, or education/healthcare business operations, in developing programmatic level strategies to drive technology and operational efficiency, agility, and quality.
Must be able to understand the strategic plan for the department and the organization and to translate it into a tactical approach for communicating and accomplishing departmental goals as well as organizational goals in respect of a well-structured control environment.
Must have experience with continuous control monitoring to further assist the development of the analytics program.
Success in leading change management projects focused on functionally and organizationally integrating teams and leveraging shared resource pools.
Demonstrated ability to manage multiple teams in planning, performing, and project tracking simultaneously occurring audits, investigations, and advisory projects.
Must be able to demonstrate excellent analytical and critical thinking skills and techniques, and to evaluate information and draw logical conclusions.
Demonstrated ability to present audit findings in a way that is indicative of a deep understanding of broader strategic issues facing an organization and to convey appropriate clarity for the various target audiences.
Ability to prepare, negotiate, and resolve issues relative to audit findings, recommendations, reports, memos, summaries, and analyses.
Must be able to demonstrate excellent active listening, interpersonal, written, and oral communication (including active listening) skills and provide attention to detail.
Must be a strong role model and coach and have a passion for excellent customer service and commitment to exceptional quality.
Proficient to advanced knowledge in Microsoft Office (Outlook, Word, Excel, PowerPoint, Visio), audit management software, and data analysis and visualization tools.
Knowledge and hands-on experience in current technology platforms as well as older technologies is required, including some of the following: Mainframe, Client Server, Unix, AIX, Linux WEB, and Firewall.
International Travel (10-20%).
Equal Opportunity Employer / Disability / Veteran
Columbia University is committed to the hiring of qualified local residents.
Columbia University is one of the world's most important centers of research and at the same time a distinctive and distinguished learning environment for undergraduates and graduate students in many scholarly and professional fields. The University recognizes the importance of its location in New York City and seeks to link its research and teaching to the vast resources of a great metropolis. It seeks to attract a diverse and international faculty and student body, to support research and teaching on global issues, and to create academic relationships with many countries and regions. It expects all areas of the university to advance knowledge and learning at the highest level and to convey the products of its efforts to the world.