The Office of Internal Audit & Compliance operates under a Charter approved by the Board of Trustees Audit Visiting Committee. The Department’s mission defined in the Charter is to provide independent, objective assurance and consulting services to improve the operations and internal controls of the University. In fulfilling this mission, Internal Audit & Compliance assists the University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of business risk management, control, and internal operating processes that support the University’s core missions of teaching, research, and service. The University is a complex diversified organization with approximately 300 departments having a wide range of operations with unique internal control, compliance and audit considerations, an annual operating budget of nearly $1 billion approximately $200 million is federal research funding -- and $3.9 billion in assets.
Under limited direction of the Director, the Associate Director is responsible for the systematic and objective verification, analysis and appraisal of the University’s information technology systems and controls. This position is expected to set the direction for the IT audit program at the University. The Associate Director may supervise staff members assigned to audit projects and may assist the Director in reviewing audit work papers. This position regularly communicates with University faculty and administrators at all levels and external auditors on matters relating to internal controls, compliance, and audit findings and recommendations. Duties of the position require independent execution and decision making based on the International Standards for the Professional Practice of Internal Auditing, professional certification, experience, applicable laws and regulations and University policy. Major
Develops and completes IT Risk Assessments and Audit Programs for the identification, analysis, and evaluation of information technology risks and controls.
Leads and conducts audits of controls over systems development, change management, logical access, security policy implementation, device and server configuration, cloud and vendor management, computer operations, and data recovery.
Manages and performs independent audit fieldwork within budget and in accordance with the International Standards for the Professional Practice of Internal Auditing and Internal Audit Department standards.
Shares expert IT knowledge and guidance with other audit team members.
Utilizes data analytics to enhance risk identification and quantification, and to provide valuable business intelligence to management.
Contributes to the overall effectiveness and value of the department by recommending and developing innovative approaches and solutions.
Participates in performance of IT risk analyses, in order to contribute to the annual audit plan. Identifies emerging IT risks and researches areas of exposure.
Engages in management requested and/or consulting projects and provides advisory services to management on process redesign, major system initiatives, control framework, etc.
Reviews HIPAA Security Rule risk assessment.
May conduct sensitive investigations of alleged financial improprieties, including fraud, reported through the University Financial Compliance Hotline and other sources.
Reviews findings and recommendations with University clients in a way that gains their acceptance of proposed changes and promotes professional rapport.
Builds strong relationships with key stakeholders, senior leadership, and other key leaders. Serves as a trusted advisor.
Develops and make presentations to the University community concerning IT risks and controls.
Independently communicates and presents to senior administrators and the Audit Visiting Committee on behalf of the Audit Department.
Writes clear and actionable audit reports.
Assists in preparing materials for Board of Trustees Audit Visiting Committee meetings.
Follows-up on findings and recommendations to ensure appropriate corrective actions are taken.
May supervise staff members assigned to audit projects and assists the Director in reviewing audit work papers.
Develops and assists in implementing measures to enhance Internal Audit Department audit efficiency and office administration.
Maintains current knowledge of new developments in the information technology and internal auditing fields as applicable to the University.
Performs miscellaneous job-related duties as assigned.
A Bachelor's degree in Information Systems, Computer Science, or related field and eight years relevant experience in IT auditing or related field, or equivalent combination of education and experience. Master's degree in a related field is preferred.
Supervisory and audit project management experience with proficiency in the following areas: information systems and technology; information security in computer network environments; cyber security; business continuity and disaster recovery.
One or more relevant professional certifications (e.g., CISA, CISSP, CIA, CISM, CPA, CFE).
Experience in the preparation and analysis of data through computer aided audit tools (e.g., ACL, Excel spreadsheets, or other database tools).
Experience applying COSO, COBIT, ITIL, ISO, NIST, and other leading business and IT control and/or security frameworks.
Experience with privacy and security standards including HIPAA, FERPA, and PCI.
Knowledge of Higher Ed and experience performing operational audits in related areas would be a plus.
Effective oral and written communication skills, interpersonal skills and analytical/problem solving ability.
Ability to make effective presentations to groups.
Flexibility and the ability to change priorities quickly and capacity to handle multiple tasks.
Ability to communicate and interact well with people of all ages and diverse backgrounds.
Effective oral and written communication, analytical/problem solving and interpersonal skills.
Project and people management skills to prioritize and lead multiple concurrent projects.
Relocation expenses are negotiable.
Internal Number: 494083
About University of Delaware
The University of Delaware embodies its motto—“Knowledge is the light of the mind”—and to spread that light requires a community that nurtures intellectual curiosity and free inquiry, where everyone is empowered to learn and to flourish. This is a community where we celebrate our individual and collective achievements, where we respect diverse backgrounds, values and viewpoints.
The values of the University of Delaware are woven throughout the institution—in our mission statement, in classrooms, offices and laboratories and in our actions. They guide us every day.