IT Auditor and Data Analyst

Essential Duties & Responsibilities

• Execute risk-based IT audit engagements in accordance with the approved Internal Audit Plan, ensuring adequate coverage of assigned high-risk systems, processes, and technology areas.
• Perform assessments of IT General Controls (ITGCs), logical access controls, privileged access management, change management processes, System Development Life Cycle (SDLC), and IT operations as directed.
• Conduct walkthroughs, control design assessments, and operating effectiveness testing, and prepare comprehensive audit documentation and working papers in accordance with professional auditing standards.
• Assess compliance with recognized frameworks and standards including ISACA guidelines, ISO 27001, and applicable regulatory requirements, and document findings clearly and objectively.
• Evaluate ERP application controls within environments such as Oracle, SAP, or Banner, identifying control gaps and supporting the preparation of audit findings and recommendations.
• Prepare draft audit findings, reports, and management action plans for review by the Director of Internal Audit, ensuring findings are accurate, well-evidenced, and clearly communicated.
• Design and execute data analytics procedures across financial and non-financial datasets to enhance audit coverage, support risk identification, and strengthen audit conclusions.
• Apply analytics techniques including exception reporting, anomaly detection, segregation of duties analysis, and fraud risk indicators to assigned audit engagements.
• Develop dashboards, automated scripts, and data visualization outputs using tools such as Excel (advanced), Power BI, SQL, or equivalent, to improve audit efficiency and reporting accuracy.
• Support the implementation and maintenance of continuous auditing and monitoring mechanisms under the guidance of the Director of Internal Audit.
• Assist in special reviews, investigations, and data-driven assignments as directed, applying structured analytical approaches and maintaining objectivity and professional scepticism.
• Contribute to the development and standardization of IT audit programs, working papers, and methodology documentation in support of audit quality and consistency.
• Participate in IT risk assessment activities and assist in maintaining the IT risk universe and audit universe as directed.
• Coordinate with auditee staff to schedule walkthroughs, gather evidence, and follow up on outstanding audit requests in a timely and professional manner.
• Keep current with emerging technology risks, cybersecurity developments, and evolving IT audit practices relevant to the higher education sector.

Qualifications, Certifications and Experience

• Bachelor's degree in Information Technology, Computer Science, Finance, or a related field. A Master's degree is preferred.

Certifications

• Certified Information Systems Auditor (CISA) — required.
• ISO 27001 Internal Auditor or Lead Auditor — preferred.
• Additional relevant certification such as CIA is advantageous.

Experience

• Minimum 8 years of progressive experience in IT audit, risk, and compliance, including a minimum of 3 years of hands-on experience in data analytics within an audit or risk context.
• Demonstrated experience executing IT General Controls audits, application controls reviews, and ERP audit assignments.
• Experience working within a structured internal audit function, applying risk-based audit methodologies and professional auditing standards.

Knowledge & Skills

• Strong knowledge of IT General Controls, ERP environments (Oracle, SAP, Banner, or equivalent), and IT governance frameworks.
• Proficiency in data analytics tools including advanced Excel and Power BI; working knowledge of SQL or equivalent querying tools.
• Solid understanding of ISACA frameworks, ISO 27001, and risk-based internal audit methodology.
• Strong documentation and report writing skills with attention to detail and clarity of expression.
• Professional skepticism, analytical thinking, and the ability to identify and articulate control weaknesses.
• Effective communication and interpersonal skills to engage with auditees at all levels of the organization.

Preferred

• Exposure to fraud risk assessment methodologies and forensic data analysis techniques.
• Experience with scripting tools such as Python or R for data extraction and analysis.
• Knowledge of continuous auditing and monitoring tools and practices.

Working Conditions

• Work is normally performed in a typical interior/office work environment.
• No or very limited physical effort is required.
• No or very limited exposure to physical risk.

Supervision

Director of Internal Audit