Senior Auditor IT, Principal Auditor - IT
Upton, NY, United States
Full Time Senior-level / Expert Clearance required USD 99K - 138K
Brookhaven National Laboratory
We advance fundamental research in nuclear and particle physics to gain a deeper understanding of matter, energy, space, and time; apply photon sciences and nanomaterials research to energy challenges of critical importance to the nation; and...
Brookhaven National Laboratory is committed to employee success and we believe that a comprehensive employee benefits program is an important and meaningful part of the compensation employees receive. Review more information at BNL | Benefits Program
The mission of Brookhaven National Laboratory (BNL) Internal Audit is to provide independent, objective assurance and consulting services designed to add value and improve the organization's operations. It helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Internal Audit has an exciting opportunity for an experienced auditor with a specialization in Information Technology. The successful candidate plans and executes IT audit projects designed to provide an assessment of internal control processes and operational performance. NOTE: this is a hybrid work arrangement (office is based on Long Island, NY (Upton, NY)). The selected applicant must live within a reasonable distance for commuting to the assigned work location when necessary.
Essential Duties and Responsibilities:
Execute complex IT audits across infrastructure, applications, cybersecurity, and governance processes, ensuring audits are completed on time and in accordance with internal standards and professional guidelines.
Conduct risk-based audit planning, including development of risk assessments, audit scopes, test plans, and control evaluations.
Identify and evaluate technology-related risks and controls, providing assurance that governance and security mechanisms are functioning effectively.
Demonstrate strong knowledge of complex IT environments and apply industry trends, emerging risks, and best practices to audit execution.
Prepare detailed, well-organized audit documentation and present audit findings and recommendations to department leadership and business management.
Perform audits in accordance with the IIA Standards for the Professional Practice of Internal Auditing, NIST guidance, and applicable regulatory frameworks.
Participate in reviews of systems under development or undergoing major changes.
Contribute to identifying and refining audit coverage of emerging technology risks and potential areas for future audits.
Provide support for data analytics initiatives within the Internal Audit team, including the development or review of analytics used to monitor or evaluate controls and risk indicators.
Support or lead special projects such as fraud investigations, targeted risk reviews, or IT control consultations.
Participate in financial, operational, and integrated audits, especially where IT plays a supporting role, and other duties as may be assigned.
Position Requirements:
Bachelor's degree in Computer Science, Information Systems, Accounting, Finance, or a related field; relevant work experience may substitute for education, generally at a 2:1 ratio (years of experience to years of college).
Minimum 6 years of experience performing audits including at least 2 years specifically in IT auditing, including experience leading audit engagements and presenting results to senior management.
Demonstrated experience with the NIST Risk Management Framework (RMF) and deep understanding of NIST SP 800-53 Rev. 5 controls.
Strong knowledge of IT risk assessment methodologies, control evaluation techniques, and regulatory compliance in federal or highly regulated environments.
Professional certification required: Certified Information Systems Auditor (CISA); additional certifications such as CISSP, CRISC, or CISM are preferred.
Proven ability to audit across a variety of IT areas, including cloud security, logical and physical access, change management, cybersecurity, application controls, and system development lifecycle (SDLC).
Familiarity with common platforms such as Windows, Linux, and major cloud service providers (e.g., AWS, Azure).
Clear and concise written and verbal communication skills, with the ability to clearly convey technical risks and control recommendations to both technical and non-technical audiences.
Ability to work independently, manage multiple priorities, and deliver high-quality results under minimal supervision.
Proficiency with Microsoft Office applications (Excel, Word, PowerPoint, Outlook, Access, Visio); advanced Excel or other data analytics tools preferred.
Security clearance requirements: Must undergo and receive a favorable disposition in a preliminary background investigation (criminal, credit, prior employment, etc.); must be able to obtain and maintain a U.S. Department of Energy Q-level security clearance, which requires that you: be a US citizen; have no felony convictions or other serious offenses; have an honorable discharge from the military; and have a good credit history. Obtaining and maintaining a security clearance is a condition of employment.
Preferred Knowledge, Skills, and Abilities:
Eight (8) years of experience performing audits.
Experience supporting or developing data analytics programs within an audit or risk function.
Familiarity with TeamMate+ or other audit management systems.
Advanced degree in a relevant field (e.g., MBA, MS in Information Systems, Cybersecurity, or Accounting).
Experience with IT audit automation or continuous monitoring practices.
Understanding of other frameworks such as COBIT, ISO 27001, or PCI-DSS.
Experience leading teams in the performance of projects.
Additional Information:
This is an on-site position eligible for consideration of flexible work arrangement (hybrid telework) at the discretion of the manager/dept chair.
Visa sponsorship for this position is not available.
Brookhaven National Laboratory is committed to providing fair, equitable and competitive compensation. This is a multi-level role and the full salary range for this position is $99850 - $138000 / year. You will be placed at the level and salary commensurate with your experience. Salary offers will be commensurate with the final candidate's qualification, education and experience and considered with the internal peer group.
Brookhaven National Laboratory requires all non-badged personnel including visitors to produce a REAL-ID or REAL-ID compliant documentation to access Brookhaven National Laboratory; view more information at www.bnl.gov/real-id. This is due to nationwide identification requirements for federal site access as required by the federal REAL ID Act. Those not in possession of a REAL ID-compliant document will not be permitted to access the site which includes access to the Laboratory for interviews.
About Us
Brookhaven National Laboratory (www.bnl.gov) delivers discovery science and transformative technology to power and secure the nation's future. Brookhaven Lab is a multidisciplinary laboratory with seven Nobel Prize-winning discoveries, 37 R&D 100 Awards, and more than 70 years of pioneering research. The Lab is primarily supported by the U.S. Department of Energy's (DOE) Office of Science. Brookhaven Science Associates (BSA) operates and manages the Laboratory for DOE. BSA is a partnership between Battelle and The Research Foundation for the State University of New York on behalf of Stony Brook University. BSA salutes our veterans and active military members with careers that leverage the skills and unique experience they gained while serving our country; learn more at BNL | Opportunities for Veterans at Brookhaven National Laboratory.
Equal Opportunity/Affirmative Action Employer
Brookhaven Science Associates is an equal opportunity employer that values inclusion and diversity at our Lab. We are committed to ensuring that all qualified applicants receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, status as a veteran, disability or any other federal, state or local protected class. BSA takes affirmative action in support of its policy and to advance in employment individuals who are minorities, women, protected veterans, and individuals with disabilities. We ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. *VEVRAA Federal Contractor
BSA employees are subject to restrictions related to participation in Foreign Government Talent Recruitment Programs, as defined and detailed in United States Department of Energy Order 486.1A. You will be asked to disclose any such participation at the time of hire for review by Brookhaven. The full text of the Order may be found at: https://www.directives.doe.gov/directives-documents/400-series/0486.1-BOrder-a/@@images/file
Tags: Analytics Audits Automation AWS Azure CISA CISM CISSP Clearance Cloud COBIT Compliance Computer Science CRISC Data Analytics Finance Governance ISO 27001 Linux Monitoring NIST NIST 800-53 R&D Risk assessment Risk management RMF SDLC Security Clearance Windows
Perks/benefits: Career development Competitive pay