Minimum Qualifications A Bachelor’s Degree and three years of IT auditing experience.
IT auditing experience must have been gained in any one or combination of the following:
• An auditor with responsibility for the audits of system development life cycle, including the writing and presentation of findings reports of technical issues to a non-technical audience.
• An auditor with responsibility for the audits of physical and logical access controls, general IT controls, and application controls, including the writing and presentation of findings reports of technical issues to a non-technical audience.
• An auditor principally engaged in audits of IT project management, telecommunication networks, software, and business continuity preparedness.
• An information systems professional with responsibility for the analysis and evaluation of information systems, including platforms; network infrastructure; and operational practices.
• As a field auditor with federal, state, or municipal agency, with the responsibility for performing comprehensive IT audits to determine the compliance of individuals or businesses.
Education/Experience Substitution: J.D. or Master’s Degree may substitute for one year of technical experience; Ph.D. may substitute for two years of technical experience.
Duties Description Under the direction of an Information Systems Auditor 2 ITS, SG-27, within the ITS Office of Internal Audit, the incumbent conducts technical and operational audits and assesses the effectiveness of controls for all ITS applications and network systems, ensuring effectiveness, efficiency, confidentiality, integrity and overall compliance with required laws and regulations.
Duties include, but are not limited to:
• Develop audit programs to audit computer systems and/or operations in accordance with applicable standards (e.g., Institute of Internal Auditors, Generally Accepted Government Auditing Standards (GAGAS), ISACA, etc.).
• Evaluate systems and operating practice for compliance with applicable laws, rules, regulations, and contract terms.
• Evaluate agency systems, and IT operating practices, for efficiency and effectiveness in meeting agency goals and strategic initiatives.
• Prepare and organize audit working papers to document the work performed and conclusions drawn during the audit.
• Write and/or prepare narratives, preliminary audit findings, and make recommendations to address control weaknesses.
• Review and evaluate the implementation of new systems to ensure that controls in the system are adequate.
• Use computer-assisted auditing tools and techniques across various platforms to perform analytical procedures.
• Make assessments of the effectiveness of the overall design and operation of related control procedures as it relates to the reduction of control risk. Prepare summaries of control deficiencies observed during IT control reviews which require the IT auditor to understand complex control procedures and determine whether they have achieved their objectives.
• Conduct data analyses and data mining.
Additional Comments Background check and fingerprinting are required.
We offer a comprehensive benefits plan, which includes:
• Choice of several low and competitive health insurance plans
• Dental & vision insurance at no additional cost
• Membership in the NYS Retirement System
• Deferred Compensation Investment Plan
• Minimum of 13 vacation days per year
• Up to 13 days of paid sick leave annually for PEF/CSEA
• 5 days of personal leave per year
• 13 paid holidays per year
• Tuition reimbursement
• Public Service Loan Forgiveness (PSLF)
• Training & development opportunities
Some positions may require additional credentials or a background check to verify your identity.
26th Floor, Corning Tower, ESP
Notes on ApplyingTo apply, please submit a resume and cover letter indicating that you are applying for Information Systems Auditor 1 ITS, Ref. #94803M, and include the vacancy number from this posting. Please clearly indicate how you meet the minimum qualifications for this position.
Your Social Security number may be required to confirm your eligibility.