Salary Range: $57,690 - $89,421
This is a Merit-Exempt position and serves at the pleasure of the appointing authority
Purpose of Classification:
The purpose of this classification is to perform complex internal IT audits for the County.
The following duties are normal for this position. The omission of specific statements of the duties does not exclude them from the classification if the work is similar, related, or a logical assignment for this classification. Other duties may be required and assigned.
Duties and Responsibilities
Assists the IT Audit Manager in executing the information technology audits on the audit plan; coordinates, conducts and lead audits and reviews DeKalb County’s information technology operations, programs, risks, controls, contracts and agreements in compliance with professional audit and office standards, to promote accountability, integrity and process improvement in DeKalb County; and monitors compliance of work products with appropriate professional audit standards.
Assists the IT Audit Manager in planning audit projects by developing risk-based scopes, methodologies, and audit programs; prepares, researches and designs evaluations of programs, systems, controls, policies, procedures and other functions using audit and analytical techniques; executes complex information technology tests of controls associated with applications, system operations, and supporting infrastructure; and analyzes supporting evidence, draws logical conclusions and develops appropriate findings and recommendations.
Ensures audit conclusions are based on a complete understanding of the process, circumstances, and risk to the organization; prepares thorough, complete and accurate documentation of work performed; prepares oral and written briefings; completes draft and final reports; and establishes good working relationships with IT and business units at various levels to identify and understand process changes or system implementations that are relevant to areas identified in the audit plan.
Tracks and follow-up on audit findings and recommendations; and performs management requested reviews and other special projects as assigned by the IT Audit Manager and the Chief Audit Executive.
Bachelor’s degree in Accounting, Business Administration, Computer Science, Finance, Information Technology, Public Administration or a related field; four years of IT auditing, evaluation or analysis which includes at least two years auditing Information Technology General Computing Controls (ITGC’s); or any equivalent combination of education, training and experience which provides the requisite knowledge, skills and abilities for this job.
Specific License or Certification Required
Must possess and maintain a valid Georgia driver's license.
Certified as a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) preferred.
Knowledge of COSO and experience with Sarbanes Oxley (SOX) audit control testing methods are desirable.
One year leading audit projects of information technology operations is desirable.
Ability to conceptualize and analyze business procedures and prepare detailed data and process flow diagrams using graphical depiction and data analysis tools. Able to ascertain control integrity, perform risk assessments and analysis and make recommendations for strengthening control environments.
Actual hands on experience evaluating the efficiency and effectiveness of an IT department in the following areas: Server & Patch Management; Asset Management; Information Security and Cybersecurity Programs; Network Security; Software Licensing Management; Mobile Device Management; Database Management; Access Management & Cloud-based application management.
Knowledge of American Institute of Certified Public Accountants’, Generally Accepted Accounting Principles; Generally Accepted Auditing Standards; United States Government Accountability Office’s Governmental Auditing Standards (yellow book);and the International Standards for the Professional Practice of Internal Auditing (red book).
Knowledgeable in IT Project Management methodology, including Systems Development Life Cycle (SDLC) and Oracle IT application and accounting system control configurations. Understanding of network, server, database and application system configuration methodologies.
Knowledge of areas within the Information Technology general control environment such as logical access controls over applications, data, and supporting infrastructure, program change management controls, backup and recovery operations and controls, computer operations controls, data center physical security controls, and system development life cycle controls. Knowledge of Enterprise Resources Planning (ERP) systems such as Oracle and SAP preferred.
Knowledge of the methods of compiling, reviewing, and analyzing performance, operational and financial data; Skills to effectively use word processing, electronic spreadsheets, graphic presentation software and data query computer languages;
Ability to supervise; Ability to understand, interpret and appropriately apply laws, rules, regulations, policies and procedures including in regard to sensitive and confidential information;
Ability to confirm whether an entity is following the terms of an agreement, or the rules and regulations applicable to an activity or practice prescribed by an external agency or authority;
Ability to analyze problems using sound reasoning to identify alternative solutions and distinguishing between relevant and irrelevant information;
Ability to plan, organize and coordinate work assignments based upon objectives, identify problems and opportunities, monitor progress, and accomplish goals;
Ability to communicate effectively verbally and in writing to express facts and ideas in a succinct and organized manner and make clear and convincing oral presentations;
Ability to establish and maintain effective working relationships with others by listening and facilitating an open exchange of ideas;
Ability to learn and develop an understanding of complex organizational and financial processes and systems; Ability to apply technology to improve efficiency and effectiveness of work assignments.