Albany, Erie, Cayuga, Herkimer
Minimum Qualifications Non-Competitive: One year of service as an Information Systems Auditor 1; or eight years of IT audit experience*.
*IT auditing experience must have been gained in any one or combination of the following:
· Responsibility for performing IT-related audits and examinations to determine the compliance of agencies, authorities, municipalities, and schools, including reviews of physical and logical access controls, general IT controls, and application controls, and the writing and presentation of findings reports of technical issues to a non-technical audience.
· Responsibility for the analysis and evaluation of information systems, such as platforms, applications, network infrastructure, and/or IT-related operational practices and the writing and presentation of reports of findings suitable for non-technical audience.
· Responsibility for supporting an audit group, such as designing, developing/programming, maintaining technological solutions in support of audit activity, and evaluating and developing artificial intelligence programs in support of audit activity.
Education/Experience Substitution: an associate’s degree may be substituted for up to two years of IT audit experience; a bachelor’s degree may be substituted for up to four years of IT audit experience; a master’s degree may be substituted for an additional one year of IT audit experience (i.e., up to five years of experience). There is a maximum of 5 years of educational substitution. Additionally, one year of generalized audit experience** may be substituted for one year of IT audit experience.
**Generalized audit experience - Performed performance audits in accordance with Generally Accepted Government Auditing Standards; analyzed areas for audit, addressed areas of risk; evaluated systems and procedures relating to audit areas for compliance with applicable laws, rules and regulations and contract terms, as appropriate; ensured funds are utilized in accordance with laws and regulations, and proper and effective controls are in place for areas under audit; used computer assisted auditing tools and techniques across various platforms to meet audit objectives; determined the accuracy and completeness of computer-processed data, prepared audit work papers to document work done and conclusions; prepared preliminary audit findings or portions thereof, discussed findings with auditee representatives, and participated in exit and entrance conferences.
Duties Description Manage Information Technology (IT) Audit Services
· In a test environment (e.g., that simulates agency/authority/municipality/school information systems or uses trial data in development of prototypes of software applications), conducts research and tests new techniques, exploits, tools, and technology to be used during audits and special projects for audit work.
· Trains Information Systems Auditor 1s on any new techniques, exploits, or tools.
· Supervises staff in the Applied Technology Unit and may at times, supervise other staff (i.e., Regional Offices) indirectly for audits, risk assessment, planning, and other special projects.
· Consults with other Division auditors on IT areas within their audits/projects and assigns appropriate staff to assist the audit teams, when appropriate.
· Assists in planning and defining scope areas and applications to audit and examine for special projects such as: application controls; data transmissions; artificial intelligence algorithms, web-based applications; identity and access management; and network security.
· Reviews both the overall IT testing methodologies published by the Applied Technology Unit and also any additional IT testing methodologies used by supervised staff to ensure methodologies use sound IT techniques and follow Division policies.
· Reviews overall work of supervised staff on the various audits and projects. Ensures work of supervised staff addresses assigned activities, significant issues, is accurate and completed within assigned time budget, and ensures that staff is productive and efficient in performing their activities.
· Reviews and approves audit evidence and documentation of work prepared by supervised staff, such as work papers, for accuracy and compliance with Division policies.
· Conducts applicable quality assurance responsibilities to comply with Division policies.
· Reviews and edits audit reports and confidential letters written by staff to help ensure they are clear, concise, objective, complete, accurate, well organized, and meet Division policies.
· Assists in developing Division audit plans and risk assessments of IT systems and operations and determines their impact on programmatic goals and objectives.
· Keeps up to date on emerging technologies. Engages with external IT subject matter experts; for example, to help identify, research, and assess emerging technologies that will aid in the assistance of audits and special projects.
· May attend budget hearings for technology related agencies and issues.
· Develops subject matter expertise for technology related agencies, authorities, municipalities, schools, or other organizations.
· Serve as a role model for staff through statements and actions; foster behavior consistent with OSC values, encourage and coach staff to carry out Division policies and objectives, and create opportunities through empowerment.
· Promote team building and partnerships within the Agency and with external resources, as appropriate.
· Communicate frequently with staff to help promote an atmosphere of trust and confidence within the Applied Technology Unit, and to keep staff informed and up to date on Agency, Division and Unit policies and procedures.
· May be requested to perform the duties of the Applied Technology Unit Chief iwhen he/she is absent or otherwise unavailable. This will require a working knowledge of the current administrative system for time and process management, performance measurement and reporting.
· May be requested to act as a representative of the Applied Technology Chief on project teams or forums within the Agency and Division and with external partners, as needed.
· May be requested to prepare and conduct training and/or presentations for staff in the Applied Technology Unit, Division, executive management and/or external partners, as needed.
Promote Staff Development
· Prepare evaluations that are objective, balanced and timely.
· Provide clear and timely direction, expectations, supervision, and feedback to enhance staff development and also help ensure quality assurance; this will require periodic onsite supervision/management of staff
· Provide guidance and support that facilitates continuous improvement of critical thinking and professional judgment
· Help develop the communication, research and problem-solving abilities of staff
· Identify appropriate training and professional development opportunities for staff
· Help ensure staff are properly trained to perform their job responsibilities.
Assist with Division’s Strategic and Work Unit Plans
· May assist the Applied Technology Unit Chief in -
· Providing input to the Division’s strategic plan and developing the Applied Technology Unit’s annual work plan.
· Evaluating the Applied Technology Unit’s workload and prioritizing competing priorities in accordance with strategic and work unit plans, while also taking into consideration staff development opportunities and emerging trends and threats.
· Addressing requests from executive management, as needed.
· Identify continuous improvement opportunities for Applied Technology Unit training, equipment, software, tools, guidance, publications and services.
· Prepare, or may assist preparing, quarterly, or more frequently as needed, work unit and performance measurement reports; calculate and analyze measures and prepare action plans and reports for executive management.
Supervision - Supervision may include, managing audit teams, reviewing and editing written IT-related communications from and/or for Agency or Division executive management.
Additional Comments It is expected that this position may require up to 30% travel including overnight visits around the State, annually. This position can be assigned to the Central Office-Albany or any Regional Office.
· IT industry experience and/or IT or information systems-related degree
· Relevant professional certification(s) (CISA, CISSP, CISM, CRISC, CISSP, ISSMP,
· Familiarity with GAGAS, CIS, COBIT, COSO and NIST CSF frameworks
· Excellent written and verbal communication skills with the proven ability to interact effectively at IT-related subject matter expert levels
· Can effectively interact with technological systems, learn new technology concepts quickly, identify technological risks and convey those risks in audit work accurately and effectively
· IT audit experience including but not limited to, conducting Cloud, application, and system security audits.
· Strong analytical thinking and problem-solving skills
· Understanding of IT including security and emerging technology and issues
· Familiarity of New York State’s local government and school IT systems
· Positive attitude toward work and a role model for staff
· Fosters partnership and collaboration with strong interpersonal skills
Some positions may require additional credentials or a background check to verify your identity.
110 State Street
Notes on ApplyingSubmit a clear, concise cover letter, resume, and a completed copy of this template: https://web.osc.state.ny.us/recruit/docs/02918_Information_Systems_Auditor_2_MQ_Template_11_2022.doc via email to firstname.lastname@example.org no later than December 21, 2022. Be sure to reference Item #02918-OER-LDS in the subject line on your cover letter for proper routing.
Human Resources mailing address:
Office of Human Resources
110 State Street, 12th Floor
Albany, NY 12236
Attn: Linsay Scribner
If you have questions about this vacancy, please contact this Division representative: Division contact: Vicki Kirchner, email@example.com
PLEASE NOTE: To access the required template, copy the link above and paste it into your web browser, then download, complete and save to submit with your email response
PLEASE NOTE: You MUST complete the linked template in full to demonstrate you meet the minimum qualifications for this position. Interview selection is based SOLELY on the information you provide in this document, incomplete or vague information will not be viewed in your favor.
When responding, please include the reference number and letters listed in this section. The GOER ID # should not be included.