Information Systems Auditor 1 SG-23 Item# 02933
New York State
AgencyState Comptroller, Office of the
TitleInformation Systems Auditor 1 SG-23 Item# 02933
Occupational CategoryFinancial, Accounting, Auditing
Bargaining UnitPS&T - Professional, Scientific, and Technical (PEF)
Salary RangeFrom $86681 to $109650 Annually
Appointment Type Contingent Permanent
Duties Description Information Technology Auditing and Support Services:
• Working on specialized IT audits, projects and studies that incorporate advanced and complex IT matters, IT auditing tools and/or emerging technologies.
• Conducting IT-related audit work in accordance with Generally Accepted Government Auditing Standards, IT security requirements and industry standards.
• Providing consultation and hands-on assistance to Division audit teams and auditees on technical IT matters during financial or performance audits.
• Keeping up to date on emerging technologies and keeping Unit Management informed of related trends and developments.
• Conducting research and developing proposals recommending topics for future specialized IT audits, projects, audit tools, publications and/or training.
• Using advanced IT auditing tools such as Nmap, Nessus and AppScan.
o Developing and performing tests of IT controls to determine whether they have been placed in operation and are operating effectively and whether there are adequate controls in place.
• Analyzing and evaluating the adequacy of auditee’s cybersecurity governance, IT policies and procedures and internal controls.
• Evaluating data, information systems, and procedures relating to IT audit/special project areas for compliance with applicable laws, rules, and regulations.
• Participating in and/or conducting interviews with auditees and performing walk-throughs to assist in the evaluation of information system controls.
• Writing and/or assisting audit teams with writing preliminary audit findings, discussion documents, draft reports, and/or special project documents.
• Advancing the Division’s IT auditing capabilities.
Technology Assistance and Training:
• Training and supporting other Unit staff using advanced IT auditing tools and developing related Division policies and procedures.
• Assisting Division audit staff in assessing and testing controls over computerized systems in local governments and schools across the State.
• Training Division staff on various IT auditing topics and technologies.
• Training local officials on cybersecurity governance and IT-related topics.
• Identifying appropriate training and professional development opportunities to help ensure staff are prepared to perform their job responsibilities.
Supervision:
May assist in the supervision of Auditor 1s, Information Technology Specialist 1s, trainees, students, or other titles.
Additional Information:
It is expected that this position may require up to 30% travel including overnight visits around the State.
Minimum Qualifications Seven years of Information Technology audit experience, which must have been gained in any one of combination of the following (experience may be concurrent):
• Responsibility for performing IT-related audits and examinations to determine the compliance of agencies, authorities, municipalities, and schools, including reviews of physical and logical access controls, general IT controls, and application controls, and the writing and presentation of findings reports of technical issues to a non-technical audience.
• Responsibility for the analysis and evaluation of information systems, such as platforms, applications, network infrastructure, and/or IT-related operational practices and the writing and presentation of reports of findings suitable for non-technical audience.
• Responsibility for supporting an audit group, such as designing, developing/programming, maintaining technological solutions in support of audit activity, and evaluating and developing artificial intelligence programs in support of audit activity.
An Associate’s degree may be substituted for up to two years of IT audit experience; a Bachelor’s degree may be substituted for up to four years of IT audit experience; a Master’s degree may be substituted for an additional one year of IT audit experience (i.e., up to five years of experience). There is a maximum of 5 years of educational substitution.
Additionally, one year of generalized audit experience* may be substituted for one year of IT audit experience.
*Generalized audit experience is defined as - Performed performance audits in accordance with Generally Accepted Government Auditing Standards; analyzed areas for audit, addressed areas of risk; evaluated systems and procedures relating to audit areas for compliance with applicable laws, rules and regulations and contract terms, as appropriate; ensured funds are utilized in accordance with laws and regulations, and proper and effective controls are in place for areas under audit; used computer assisted auditing tools and techniques across various platforms to meet audit objectives; determined the accuracy and completeness of computer-processed data, prepared audit work papers to document work done and conclusions; prepared preliminary audit findings or portions thereof, discussed findings with auditee representatives, and participated in exit and entrance conferences.
Additional Comments Knowledge, skills, and abilities:
• IT industry experience and/or IT or information systems degree
• Relevant professional certification(s) (CISA, CISSP, CISM, CRISC, CISSP, ISSMP, CIA)
• Familiarity with GAGAS, CIS, COBIT, COSO and NIST CSF frameworks
• IT audit experience including but not limited to, conducting Cloud, application, and system security audits
• Excellent interpersonal skills with staff and customers
• Works well independently and in a team environment
• Possesses effective oral and written communication skills
• Detail orientated, and produces an accurate and timely work product
• Ability to effectively apply work unit policies and procedures
• Ability to handle multiple and sometimes competing priorities
• Good knowledge and use of technology
• Strong organizational skills
• Strong work ethic and positive attitude
Telecommuting: The Office of the New York State Comptroller (OSC) supports telecommuting where it is reasonable to do so based upon the agency’s mission and operational needs. Generally, employees new to OSC will be restricted from telecommuting for at least 8 calendar weeks. After the initial 8 calendar week restriction, if an employee’s primary residence location, duties, and work performance are aligned with telecommuting and operational needs they may be allowed to do so. Generally, OSC employees may telecommute up to 5 days per pay period but may be approved to telecommute less
Reasonable Accommodation: The NYS Office of the State Comptroller provides reasonable accommodations to applicants with disabilities. If you need reasonable accommodation for any part of the application and hiring process, please notify the Division of Human Resources at (518) 474-1924.
Equal Opportunity Employment: The Office of the NYS Comptroller values a workforce with a broad, diverse range of backgrounds and perspectives. All employees are expected to contribute to a professional environment focused on self-evaluation and improvement, as well as acceptance and support of coworkers.
Some positions may require additional credentials or a background check to verify your identity.
Address
Street Office of the New York State Comptroller, Division of Human Resources
110 State Street, 12th Floor
Notes on ApplyingSubmit a clear, concise cover letter and resume stating how you meet the minimum qualifications for this title. To apply, copy and paste the following link into your browser:
https://www.osc.ny.gov/jobs/openings/information-systems-auditor-1/032537
Reference Item #02933-BEP on your cover letter for proper routing.
Unofficial transcripts and/or templates will be required for certain positions. Documents must be sent as unlocked and accessible attachments.
If you have questions about this vacancy, please contact this Division representative:
Division Contact: Jennifer Haviland
Email Address: JHaviland@osc.ny.gov