Please note: State agencies that contact job applicants do not usually request personal or financial information via text message or over the phone in connection with your response to a job posting. If you are contacted for such information by these methods, or any other method, please verify the identity of the individual before transmitting such information to that person.
Pursuant to Executive Order 161, no State entity, as defined by the Executive Order, is permitted to ask, or mandate, in any form, that an applicant for employment provide his or her current compensation, or any prior compensation history, until such time as the applicant is extended a conditional offer of employment with compensation. If such information has been requested from you before such time, please contact the Governor's Office of Employee Relations at (518) 474-6988 or via email at

Note: For questions about the job posting, please contact the agency that posted this position by using the contact information provided on the "Contact" tab for the position.

Review Vacancy

Date Posted 06/01/18

Applications Due06/15/18

Vacancy ID53825

AgencyInformation Technology Services, Office of

TitleInformation Systems Auditor 1 ITS, Ref #94806M

Occupational CategoryI.T. Engineering, Sciences

Salary Grade23

Bargaining UnitPS&T - Professional, Scientific, and Technical (PEF)

Salary RangeFrom $73284 to $92693 Annually

Employment Type Full-Time

Appointment Type Temporary

Jurisdictional Class Pending Non-Competitive

Travel Percentage 10%

Workweek Mon-Fri

Hours Per Week 37.5


From 6:30 AM

To 5 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? No

Telecommuting allowed? No

County Albany

Street Address Swan Street Building - Core 4

City Albany


Zip Code12220

Minimum Qualifications A Bachelor’s Degree and three years of IT auditing experience*.
*IT auditing experience must have been gained in any one or combination of the following:
• An auditor with responsibility for the audits of system development life cycle, including the writing and presentation of findings reports of technical issues to a non-technical audience.
• An auditor with responsibility for the audits of physical and logical access controls, general IT controls, and application controls, including the writing and presentation of findings reports of technical issues to a non-technical audience.
• An auditor principally engaged in audits of IT project management, telecommunication networks, software, and business continuity preparedness.
• An information systems professional with responsibility for the analysis and evaluation of information systems, including platforms; network infrastructure; and operational practices.
• As a field auditor with federal, state, or municipal agency, with the responsibility for performing comprehensive IT audits to determine the compliance of individuals or businesses.
Education/Experience Substitution: J.D. or Master’s Degree may substitute for one year of technical experience; Ph.D. may substitute for two years of technical experience.

Duties Description Under the direction of an Information Systems Auditor 2 ITS, SG-27, within ITS Internal Audit, the incumbent conducts technical and operational audits and assesses the effectiveness of controls for all ITS applications and network systems, ensuring effectiveness, efficiency, confidentiality, integrity and overall compliance with required laws and regulations.
Illustrative duties include, but are not limited to, the following:
• Develop and/or follow audit plans of computer systems and/or operation in accordance with applicable auditing standards (e.g. Institute of Internal Auditors, ISACA [formerly known as Information Systems Audit and Control Association], etc.).
• Obtain prior working papers, reports, and other documents and materials to gather an understanding of areas under audit.
• Analyze business unit activities and assess risk levels to determine areas for audit.
• Review and evaluate computer systems to determine if applications system controls are adequate.
• Analyze and evaluate the adequacy of IT policies and procedures.
• Evaluate systems and procedures relating to audit areas for compliance with applicable laws, rules and regulations and contract terms.
• Evaluate agency systems and IT operating practices for efficiency and effectiveness in meeting agency and legislative goals and priorities.
• Examine internal controls to evaluate the extent to which proper and effective controls are in place for areas under audit.
• Prepare and organize audit working papers to document the work performed and conclusions drawn during the audit.
• Write and/or prepare narratives, preliminary audit findings, and conclusions based on the findings derived from the audit procedures.
• Participate and/or conduct interviews with client personnel and perform walk-throughs to assist in the evaluation of internal controls.
• Examine transactions including purchases, contract payments, and personnel hiring to determine legitimacy, fraud, waste and abuse.
• Interpret technical IT matters that comprise the documented control deficiencies for purposes of classifying significant deficiencies, material weaknesses, and exit conference points.
• Review and evaluate the implementation of new systems to ensure that controls in the system are adequate and project management is utilized effectively.
• Use computer-assisted auditing tools and techniques across various platforms to meet audit objectives.
• May be assigned as a lead auditor and oversee the work of trainees and students assistants on small, low risk or fairly routine assignments.
• Discuss with audit team and auditee highly technical IT matters relating to deficiencies observed during control reviews.
• Under the supervision of the Information Systems Auditor 2 ITS, develop and perform adequate tests of control procedures to determine whether they have been placed in operation and are operating effectively.
• Make assessments of the effectiveness of the overall design and operation of related control procedures as it relates to the reduction of control risk. Prepare summaries of control deficiencies observed during IT control reviews which require the IT auditor to understand complex control procedures and determine whether they have achieved their objectives.
• Conduct data analysis and data mining.

• May perform tasks assessing program risks to plan potential audits, and work on special or audit research projects.
• Establish and maintain good working relations with the auditee.

Additional Comments Background check and fingerprinting are required. Appointments will be temporary pending non-competitive until non-competitive classification is complete.

Some positions may require additional credentials or a background check to verify your identity.

Name Dan Fitzgerald

Telephone (518) 473-0398

Fax (518) 402-4924

Email Address


Street Empire State Plaza, Swan Street Building, Core 4

PO Box 2062

City Albany

State NY

Zip Code 12220


Notes on ApplyingTo apply for this position, please send a cover letter
and resume indicating that you are applying for Info Sys Auditor 1 ITS, Ref #94806M. In your cover letter, please clearly indicate how you meet the minimum qualifications as stated above, and describe
relevant experience for this position.

Printable Version