Senior IT Auditor

Title: Senior IT Auditor

State Role Title: Auditors, Internal

Hiring Range: $80,628 - $100,000

Pay Band: 5

Agency: Virginia Department of Health

Location: Dept of Health

Agency Website: https://www.vdh.virginia.gov/

Recruitment Type: General Public - G

Job Duties

A. Performance Management (for employees who supervise others)
• Serves in a managerial/supervisory capacity to conduct performance management activities and ensure onboarding/offboarding and training for staff
• Establishes and reviews work assignments and priorities and implements performance improvement strategies and/or problem resolution for related issues, in conjunction with program management and Human Resource staff
• Ensures relevant training and workplace safety for staff
• Conducts required performance monitoring and appraisals, establishes clear performance expectations, addresses deficiencies in a timely manner, and documents underperformance in accordance with state guidelines
• Supports employee growth through regular feedback, coaching, and professional development opportunities

B. Planning Phase Audits
• Assists the Internal Audit Director with planning the IT security audits to evaluate the adequacy and effectiveness of controls and procedures designed to protect COV information and IT systems
• Familiarization – Conduct initial research and review of laws, policies, procedures and best practices
• Preliminary Survey – Gather detailed information inclusive of reviewing procedures, diagrams, the systems boundary definition, risk assessment and other existing documentation combined with interviews and/or surveys of key personnel, documentation of key controls, walkthroughs and observations, an initial assessment of key controls and design of the audit test plan (e.g., determine likelihood of effective information system controls)

C. Fieldwork (Conducting the Audit)
• Coordinate and execute the IT audit test plan by performing tests and evaluating results
• Ensures audits and projects are conducted within timeline and in accordance with Office of Internal
• Audit (OIA) guidelines and industry best practices
• Communicates to OIA management findings and progress of work

D. Audit Workpapers
• Ensures workpapers conform to OIA policies and procedures and in accordance with generally accepted government auditing standards GAGAS Yellow Book (Generally Accepted Government Auditing Standards) or the international standards for the professional practice of internal auditing IIA Red Book (Institute of Internal Auditors’ Standards)
• Ensures workpapers are prepared using the appropriate cross-referencing and scanned documents include a reference to the source and the purpose of the document. Develop recommendations on findings; ensures workpapers include sufficient evidence to support all conclusions.
• Responsible for compiling quarterly reports on the status of corrective action plan (CAP) for all IT audit findings including findings from operational/performance internal Audits, APA, and other third-party external auditors (e.g., EPA)

E. Reporting
• Draft audit report (develop draft findings and recommendations)
• Arrange exit meeting with Division Directors, Business Managers, and IT Staff to discuss draft report
• Obtain management’s responses and corrective action plan for inclusion in final report

F. Program Management
• Maintains the IT three-year Audit Plan
• Monitors, advises and reports security of new systems
• Updates IT audit program
• Reports times spent on projects and admin functions
• Attends training courses, lead/participate in staff meetings, working with third party auditors and participation on departmental committee task forces

Minimum Qualifications

• Considerable IT audit experience
• Knowledge and ability to plan and conduct a variety of Information Security audits
• Knowledge of IT operating and application systems, infrastructure and networks
• Ability to coordinate multiple concurrent audits, meet timeframes and establish/maintain effective working relationships
• Excellent written and oral communication skills

Additional Considerations

• Certification in one or more professional areas (CIA, CISA, CISSP)
• Knowledge and work experience in Commonwealth Information Security Standards and guidelines

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

VDH accepts only on-line applications. Faxed, mailed, or e-mailed applications will not be considered. Applications are accepted until 11:55 p.m. on the job closing date. Applications and/or resumes should include relevant work history which indicates your qualifications for this position.

Employment is contingent upon satisfactory results of a state and federal criminal history background check and the Department of Social Service’s Child Abuse and Neglect Central Registry check, U.S. HHSIG Exclusion List check, employment reference check and E-Verify. Other financial, credit, driving, background checks or completion of Statement of Economic Interests may be required for certain positions.

It is the policy of the Commonwealth and VDH that all aspects of human resource management be conducted without regard to race (or traits historically associated with race including hair texture, hair type, and protective hairstyles such as braids, locks, and twists); sex; color; national origin; religion; sexual orientation; gender identity or expression; age; veteran status; political affiliation; disability; genetic information; and pregnancy, childbirth, or related medical conditions. VDH employees have a shared Code of Ethics, which can be found in the bottom banner of our website: www.vdh.virginia.gov.

If you have been affected by DHRM Policy 1.30 layoff and possess a valid Interagency Placement Screening Form (Yellow Card) or a Preferential Hiring Form (Blue Card), you must submit the card before the closing date for this position. The Card may be submitted with the state application as an attachment.

As a V3 (Virginia Values Veterans) employer VDH Welcomes Veterans to apply!

Supplemental Questions: You may be required to respond to position-specific questions at the end of this application. This information will help us evaluate your credentials and qualifications for the job. Failure to respond to any questions may disqualify you from further consideration.

Contact Information

Name: Rose Sandra Bose

Phone: 804-998-7871

Email: rose.bose@vdh.virginia.gov

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at 800-552-5019.

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.