110 State Street
Minimum Qualifications Non-Competitive: One year of service as an Information Systems Auditor 1; or eight years of IT audit experience*.
*IT auditing experience must have been gained in any one or combination of the following:
• Responsibility for performing IT-related audits and examinations to determine the compliance of agencies, authorities, municipalities, and schools, including reviews of physical and logical access controls, general IT controls, and application controls, and the writing and presentation of findings reports of technical issues to a non-technical audience.
• Responsibility for the analysis and evaluation of information systems, such as platforms, applications, network infrastructure, and/or IT-related operational practices and the writing and presentation of reports of findings suitable for non-technical audience.
• Responsibility for supporting an audit group, such as designing, developing/programming, maintaining technological solutions in support of audit activity, and evaluating and developing artificial intelligence programs in support of audit activity.
Education/Experience Substitution: an associate’s degree may be substituted for up to two years of IT audit experience; a bachelor’s degree may be substituted for up to four years of IT audit experience; a master’s degree may be substituted for an additional one year of IT audit experience (i.e., up to five years of experience). There is a maximum of 5 years of educational substitution. Additionally, one year of generalized audit experience** may be substituted for one year of IT audit experience.
**Generalized audit experience - Performed performance audits in accordance with Generally Accepted Government Auditing Standards; analyzed areas for audit, addressed areas of risk; evaluated systems and procedures relating to audit areas for compliance with applicable laws, rules and regulations and contract terms, as appropriate; ensured funds are utilized in accordance with laws and regulations, and proper and effective controls are in place for areas under audit; used computer assisted auditing tools and techniques across various platforms to meet audit objectives; determined the accuracy and completeness of computer-processed data, prepared audit work papers to document work done and conclusions; prepared preliminary audit findings or portions thereof, discussed findings with auditee representatives, and participated in exit and entrance conferences.
Duties Description • Supervises IT Audits and IT Specialized Projects: Assists in ensuring the division IT Testing Labs contain the most up to date collection of hardware and software to allow simulations and tests of computing environments that will be audited. In this test environment, researches and tests new techniques, exploits, tools and technology to be used during audits and special projects for audit work. Trains appropriate staff in lab environment.
Assists in developing division audit plans and risk assessments of IT systems and operations and determines their impact on programmatic goals and objectives. Plans and defines areas and applications to audit and examine for special projects. Consults with other division auditors on IT areas within their audits/projects and assigns appropriate staff to help the teams.
Reviews overall IT testing methodologies used by the staff to ensure methodologies use sound IT techniques and follow standards. Reviews overall work of the audit team on the various audits and projects. Ensures work of staff addresses assigned activities, significant issues, is completed within assigned budget and ensures that staff is productive and efficient in their activities. Reviews and approves audit evidence and documentation of work prepared by staff for accuracy and compliance with IT and government audit standards. Conducts quality assurance responsibilities to comply with audit and OSC/division standards.
• Audit Reports: Reviews and edits reports written by staff to ensure reports are clear, concise, objective, complete, accurate, well organized, and meet OSC/division’s reporting standards.
• Train and Evaluate Staff: Trains Information Systems Auditor 1s on various IT audit-related techniques such as vulnerability assessment techniques and any new technologies, exploits, or tools. Prepare evaluations that are accurate, objective, balanced and timely.
• Other: Develops subject matter expertise for technology related agencies. Engages with external IT subject matter experts; for example, to help identify, research, and assess emerging technologies that will aid in the assistance of audits and special projects. May attend budget hearings for technology related agencies and issues.
Additional Comments Desired Competencies
• Demonstrates strong leadership abilities
• Strong interpersonal and team skills
• Strong verbal and written communication skills
• Demonstrates a vision which links goals of staff and team with OSC and SGA
• Strong experience in use of various IT audit software tools and techniques to identify system weaknesses
• Strong experience with network operating systems, security software system, and key application systems
• Advanced capacity in auditing skills, such as professional skepticism, persistence, creative thinking and risk taking
• Strong research skills in obtaining and validating critical information
• Strong analytical and problem-solving abilities
• Demonstrates knowledge of ongoing and emerging issues in technology and the audit profession.
• Strong supervisory skills, including coaching and developing staff
Some positions may require additional credentials or a background check to verify your identity.
110 State Street. 12th Floor
Notes on ApplyingInterested candidates should submit a cover letter, resume and the attached template https://web.osc.state.ny.us/recruit/docs/2914-2917_ISA2_MQ_Template_10_2022.doc to email@example.com no later than December 18, 2022. Please reference Item #02914-OER-LDS in the subject line and on the cover letter.
PLEASE NOTE: All candidates MUST complete this template in full to demonstrate they meet the minimum qualifications. Candidates will be selected for interview based SOLELY on the contents provided by them on this template.
IMPORTANT: It is imperative that you provide specific examples to demonstrate your experience for each of the required qualifications listed in this template. Please ensure that you have fully described how you meet the qualifications by providing a FULLY DETAILED description of your experience. Any ambiguity, vagueness, or omissions will not be decided in the candidate’s favor.
When responding, please include the reference number and letters listed in this section. The OER ID # should not be included.