Senior Auditor, IT Systems

Print (https://www.governmentjobs.com/careers/trimet/jobs/newprint/4542297)

Apply



Senior Auditor, IT Systems

Salary

See Position Description

Location

Suite 700, OR

Job Type

Non-Union Regular Full-Time

Job Number

24-00122

Department

General Manager Administration

Division

Internal Audit

Opening Date

06/14/2024

Closing Date

Continuous

• Description

• Benefits

Description

This position is a new function within Internal Audit and the position is an integral part of providing independent objective assessments of TriMet’s current IT condition. Internal Audit reports directly to the General Manager, the highest level within the organization offering the ideal candidate high-level exposure to senior management within all areas of TriMet. This position will be on the ground level designing and performing audits to ensure IT and system controls protect TriMet's assets and support the achievement of Vision 2030 and business objectives and goals contained in TriMet's Business Plan.

This position will perform complex IT system-related audits. This position is critical to assure that TriMet’s IT systems are adequately protected, provide reliable information to the decision makers and information users, and are appropriately managed for their intended purpose. The Senior IT Auditor will help TriMet identify and manage risks such as cyber-attacks, data breaches, and system failures. This position will help evaluate the adequacy of our business continuity plans related to IT systems and assess the risks and controls related to PCI compliance, third party IT vendors, change management for system development and modification, etc. This position will work closely with IT and business stakeholders including managers, directors, and subject matter experts from the business and enterprise architects, developers, engineers, cybersecurity specialists, and contracted IT service providers to analyze and assess the achievement of long-range technology goals. The Senior IT Auditor will recommend ways to mitigate risks through security controls.

Lead and conduct complex technology audits and/or technology project reviews. Design and perform audit projects to ensure IT/System controls protect TriMet's assets and support the achievement of business objectives and goals contained in TriMet's Business Plan. Perform complex IT system-related audits. Responsibilities include preparing audit programs, conducting tests using established audit techniques, documenting work performed, communicating results, and drafting audit reports and/or memos.

This role requires being in office three (3) days per week.

Ensure a commitment to safety through consistent and professional behaviors in performance of job requirements that demonstrate safety is a fundamental value that guides all aspects of our work. Perform related duties as required.

Serve as a good steward of TriMet by regularly utilizing our transit system to maintain a strong and current understanding of customers’ experiences and of TriMet’s product and service offerings.

Essential Functions

• Evaluate the adequacy of IT/system/software controls within TriMet. Design and perform tests to determine the effectiveness of the controls in mitigating risks and in achieving management's technology objectives and goals.

• Analyze the efficiency and effectiveness of IT system processes and/or computer systems, assess the reliability and integrity of financial and operating information systems, and evaluate the efficient use of technology resources. If exceptions are identified, confirm exceptions with the customer to ensure concurrence and/or to identify mitigating controls.

• Document processes, controls, and risks. Document work performed within audit work-papers in a clear, methodical manner to sufficiently support conclusions and IT audit recommendations. In situations requiring process and/or internal control improvement, identify the root cause(s) and develop recommendations to correct the condition and ensure controls are sustainable to prevent re-occurrence. Assess the significance and the risk of the system/control deficiency. Draft accurate audit reports and memos in a clear, concise manner, and incorporate IT audit recommendations. Make effective oral presentations to customers and collaboratively develop solutions with customers for recommendations and consultations.

• Sufficiently plan the IT audits and/or technology project reviews. Interview appropriate staff and managers, or directors. Review policies and procedures, and other applicable documents to understand processes, workflows, and technology objectives. Identify risks, laws/regulations, industry best practices, IT standards, and policies and procedures applicable to the process under review. Conduct appropriate testing of IT controls and systems, such as PCI compliance.

• Work closely with IT and business stakeholders including managers, directors, and subject matter experts from the business and enterprise architects, developers, engineers, cybersecurity specialists, and contracted IT service providers to analyze and assess the achievement of long-range technology goals.

• Gather and analyze information to help users correct or improve systems. Make appropriate recommendations to ensure the ongoing operational integrity and efficiencies of the systems.

• Complete timely follow-up reviews and documentation of outstanding findings and retest controls and processes to ensure management action plans are complete, sustainable to prevent reoccurrence, and to ensure it is consistent with management's technology expectations, objectives, and goals.

• Assist the Internal Audit Manager with the risk assessment process to mitigate exposure, including biennial updates and/or periodic updates as necessary. Participate in IT consulting activities as directed by the Internal Audit Manager. Assist the Manager in identifying and staying current on regulations and laws, industry best practices, and IT standards as applicable to TriMet.

Position Requirements

A minimum of a Bachelor's Degree is required with a Bachelor's Degree in Computer Science, Information Technology, Information Systems Management, or related technical field being preferred.

Four (4) years total credited experience.*

Four (4) years, IT auditing, consulting, system auditing, or experience in a similar role is required.

Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) is required.

Certified Information Security Manager (CISM) is required.

Or any equivalent combination of training or experience.

*The amount of credit a candidate receives for prior years of experience is based on the relevancy of that experience to the required or preferred prerequisites of the job description. Experience is prorated based on hours worked. LRHR assigns and validates the "credited experience".

Selection Criteria

Type of Position / Grade / FLSA

Grade 16, Exempt, Non-Union, Full-Time.

Salary Range

Minimum: $97,122.00

Maximum: $145,683.00

Salary offers will be determined by a candidate’s education, training and relevant experience. Any final offer of employment will fall within the range stated above. For transparency, we choose to list the full available grade range, however, TriMet’s salary administration process will ultimately determine the final salary offered.

Selection Process

Candidates will be selected based at a minimum on the result of:

1. Application Review (please include: Cover Letter and Resume)

2. Panel Interviews

3. Reference Check

   Supplemental Information

Make sure you describe in detail how your education, training and work experience fit with this role. You are encouraged to attach a resume, cover letter, training certificates and/or letters of recommendation with your application. You are permitted five attachments of less than 5MB each.

Internal applicants: Information in your personnel file will not be used in lieu of information requested on your application. Incomplete applications will not be considered.

If you are a qualified veteran and would like to apply for veterans' preference points, you will need to reflect your status on the application and attach supporting documentation at the time of application submission.

If you need accommodation under the Americans with Disabilities Act for any part of the application process, contact our Human Resources staff at 503-962-7505, or the TTY line at 7-1-1. Note that we require a minimum of two workdays' notice prior to the need for accommodation.

TriMet is an equal opportunity employer, committed to developing an organization that is reflective of and sensitive to the needs of the diverse community we serve, including veterans, the elderly, and individuals with disabilities.

ADA Statement

As applied to the workplace, applicants and employees must be qualified to perform the essential functions of the job with or without reasonable accommodation. Essential functions may include required job functions performed infrequently as well as production standards related to the quality and quantity of work.

If a person with a disability could meet job qualifications with a reasonable accommodation, TriMet will work with the employee to accommodate the need. If TriMet's accommodation is effective in allowing the employee to perform the essential functions of the job, it need not be the employee's preferred accommodation.