The University of California, Berkeley, is one of the world's most iconic teaching and research institutions. Since 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world. Berkeley's culture of openness, freedom and acceptance—academic and artistic, political and cultural—make it a very special place for students, faculty and staff.
Berkeley is committed to hiring and developing staff who want to work in a high performing culture that supports the outstanding work of our faculty and students. In deciding whether to apply for a staff position at Berkeley, candidates are strongly encouraged to consider the alignment of the Berkeley Workplace Culture with their potential for success at http://jobs.berkeley.edu/why-berkeley.html.
Audit and Advisory Services assists all levels of University management in the discharge of their oversight, management and operating responsibilities by providing relevant, timely, independent assurance, advisory and investigative services using a systematic, disciplined approach to evaluate risk and improve the effectiveness of control and governance processes.
In conjunction with senior management, we develop an annual plan of audits and consultative projects based on a risk assessment and ranking methodology adopted across the UC system and augmented to address local circumstances.
The Principal IT Auditor provides independent, objective assurance and consulting services designed to review and appraise the soundness, adequacy, and application of governance, risk management, accounting, financial, operating, and administrative controls, as well as promoting a risk-based balance of cost and benefit in establishing an effective system of control. Specific areas of audit focus include, but are not limited to, IT governance, IT general controls, IT project management, IT infrastructure management, software development lifecycle, application security, emerging information security and cybersecurity risk, cloud architecture and controls related to applications hosted in the cloud, data lifecycle management, data privacy, disaster recovery and business resumption. This position will also conduct other financial, operational, and compliance audits and internal investigations as needed.
• Execute or lead complex audit, advisory, and investigation projects in accordance with professional standards • Plan the scope of the audit, develop the audit program, and determine the appropriate auditing procedures • Apply advanced auditing concepts to perform highly complex technical analysis • Develop formal written reports to communicate audit results to campus management and make recommendations as appropriate • Follow up on management action plans to ensure completion and escalate issues requiring management attention in a timely manner • Assist the Director and/or Associate Director on special projects and evaluating IT topical areas for the annual audit risk assessment • May also conduct internal investigations • Represent Audit and Advisory Services on key campus committees related to IT operational and compliance risks • Respond to requests for IT-related management consultations and advisory services • Keep abreast with latest technology developments and leverage technology, automated audit tools and data analytics to deliver insightful audit services in an effective and efficient manner
• At least five years demonstrated knowledge, skills, and expertise in the specialized field of IT auditing including, but not limited to, IT governance, IT general controls, IT project management, IT infrastructure management, software development lifecycle, application security, emerging information security and cybersecurity risk, cloud architecture and controls related to applications hosted in the cloud, data lifecycle management, data privacy, disaster recovery and business resumption, and other technology risks. • Technical knowledge in cross-platform system security – particularly with regards to operating systems, databases, ERP systems, networking configuration and protocols, software and web applications, and transactional processing environments • Experience with commonly used industry and internal control frameworks such as NIST, CIS Critical Security Controls, ISO, COSO and/or COBIT • Regularly works on complex issues and technical topics with little or no campus precedent where analysis of situations or data requires an in-depth evaluation of variable factors • Possess professional expertise as well as strong analytical and technical skills to evaluate highly complex and diverse IT systems while maintaining the ability to understand and relate to the risks to the organization's overall enterprise risk profile • Professional judgment to select audit methods, techniques and evaluation criteria • Advanced knowledge of finance, accounting, business and systems operations • Ability to present complex audit findings in a clear, concise and impactful manner for senior levels of management, both in writing and verbally • Strong interpersonal skills to independently interact with middle and senior management • Ability to work effectively, as well as independently, in a team environment • Bachelor's degree in related area and/or equivalent experience/training • Professional certification required (CIA, CISA, CPA, CISSP, GIAC or equivalent)
• Experience with PeopleSoft ERP packages (Financials and Student Information Systems) preferred
Salary & Benefits
The salary range for this position is $95,000 - $115,000
For information on the comprehensive benefits package offered by the University visit:
Please submit your cover letter and resume as a single attachment when applying.
Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.