Position Description IT Auditor

Similar documents
"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

ROLE DESCRIPTION IT SPECIALIST

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)

Information Technology General Control Review

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

Table of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING

POSITION DESCRIPTION

Certified Information Systems Auditor (CISA)

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

IT Information Security Manager Job Description

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

CCISO Blueprint v1. EC-Council

Predstavenie štandardu ISO/IEC 27005

SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

CISA Training.

CASA External Peer Review Program Guidelines. Table of Contents

ANZSCO Descriptions The following list contains example descriptions of ICT units and employment duties for each nominated occupation ANZSCO code. And

Introduction To IS Auditing

Annexure 08 (Profile of the Project Team)

Certified Information Security Manager (CISM) Course Overview

FDIC InTREx What Documentation Are You Expected to Have?

REPORT 2015/010 INTERNAL AUDIT DIVISION

Information Technology Branch Organization of Cyber Security Technical Standard

POSITION DESCRIPTION

NEN The Education Network

Manchester Metropolitan University Information Security Strategy

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

Business Continuity Planning

Public Safety Canada. Audit of the Business Continuity Planning Program

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)

What is ISO/IEC 27001?

AUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014

Security and Privacy Governance Program Guidelines

KENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT)

POSITION DESCRIPTION

Global Statement of Business Continuity

IT Audit Process Prof. Liang Yao Week Six IT Audit Planning

Protecting your data. EY s approach to data privacy and information security

CAPM TRAINING EXAM PREPARATION TRAINING

Information Security Controls Policy

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

REPORT 2015/149 INTERNAL AUDIT DIVISION

COURSE BROCHURE CISA TRAINING

IT Audit Process Prof. Liang Yao Week Two IT Audit Function

Marine Institute Job Description

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Threat and Vulnerability Assessment Tool

What is ISO/IEC 20000?

Manager, Infrastructure Services. Position Number Community Division/Region Yellowknife Technology Service Centre

BRING EXPERT TRAINING TO YOUR WORKPLACE.

IT Expert (Enterprise Network and Infrastructure Architect)

Position Description For ICT Officer Support Information, Technology and Communication Department Hobart

APPROVAL SHEET PROCEDURE INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATION. PT. TÜV NORD Indonesia PS - TNI 001 Rev.05

Big data privacy in Australia

Education Network Security

_isms_27001_fnd_en_sample_set01_v2, Group A

Global Security Consulting Services, compliancy and risk asessment services

Security Director - VisionFund International

CISM Certified Information Security Manager

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

ACTIVE SHOOTER RESPONSE CAPABILITY STATEMENT. Dynamiq - Active Shooter Response

FIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017

IS Audit and Assurance Guideline 2001 Audit Charter

CISM QAE ITEM DEVELOPMENT GUIDE

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx

INTELLIGENCE DRIVEN GRC FOR SECURITY

Ingram Micro Cyber Security Portfolio

No IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP

IT Attestation in the Cloud Era

Application for Certification

Position Description For ICT Systems Officer Information, Technology and Communication Department Hobart

Strategic Security Analyst

Security and Architecture SUZANNE GRAHAM

REPORT 2015/186 INTERNAL AUDIT DIVISION

Model Curriculum. Analyst Security Operations Centre SECTOR: IT-ITeS SUB-SECTOR: IT Services OCCUPATION: Information/Cyber Security SSC/Q0909 REF ID:

t a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com.

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

INFORMATION SECURITY GOVERNANCE, RISK & COMPLIANCE CLOUD CONSULTING SERVICES CIO & CISO SERVICES. forebrook

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

CITY OF MONTEBELLO SYSTEMS MANAGER

Objectives of the Security Policy Project for the University of Cyprus

Testers vs Writers: Pen tests Quality in Assurance Projects. 10 November Defcamp7

HSCIC Audit of Data Sharing Activities:

Senior Manager Information Technology (India) Duration of job

Policy Document. PomSec-AllSitesBinder\Policy Docs, CompanyWide\Policy

Reviewed by ADM(RS) in accordance with the Access to Information Act. Information UNCLASSIFIED.

POSITION DESCRIPTION

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

Competency Definition

Evaluation of technologies that will improve the UEL IT infrastructure, recommending and advising on strategic improvements

Business continuity management and cyber resiliency

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Information Technology Disaster Recovery Planning Audit Redacted Public Report

Checklist: Credit Union Information Security and Privacy Policies

The Common Controls Framework BY ADOBE

TEL2813/IS2820 Security Management

Transcription:

Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership Band Mandate Band 2 NOC Code: Class Code: The Office of the Auditor General (the OAG or Office) serves the Legislative Assembly and the people of British Columbia by providing independent assessments and advice that enhance government accountability and performance. Authorities for the Office of the Auditor General are derived from the Auditor General Act. Role and Responsibilities The IT Auditor, as a member of an audit team, assesses risks and controls in Information Technology (IT) environments, and documents and evaluates the impact of those risks and controls to the organization s business objectives. The position provides technical expertise to IT audits and IT advice and support to performance and financial audits, under the direction of IT Audit Directors. To meet the information needs of performance and financial audit staff, the position, as a member of the IT audit team, consults with other auditors or engagement leaders to clearly define engagement requirements, to determine the feasibility of their requests, to determine the most effective approach to assessing risks and controls in the IT environment, to assess the design and operating effectiveness of general computer and application controls, and to clearly communicate results and business implications, both verbally and in-writing, in relation to performance and financial statement audits. The IT Auditor, as a member of the audit team, will meet and consult directly with the auditees regarding their IT systems and systems environment to plan and conduct either IT audits or computer control reviews to support performance and financial statement audits. The position requires a broad and current knowledge of IT systems and processes and trends in information technology. To successfully perform this role, the incumbent is required to maintain a current understanding of the principles, concepts and fundamentals of the IT audit process in order to analyze, interpret and respond to stakeholder s needs. Responsibilities in conducting IT Audits: As a member of the audit team, assist in all phases of an IT audit: planning, conducting and reporting. This includes: defining the audit objectives, scope, and criteria; identifying required resources and timeframes to complete the audit; analyzing the IT environment in terms of risks and controls; and determining appropriate audit procedures for assigned projects. Conduct IT performance audits and assessments to evaluate risks and controls in the auditee s computing environment combined with business processes. Gain specific knowledge sufficient to enable analysis of controls in key areas such as: database management, operating system applications and IT infrastructure. Apply knowledge of auditing in areas such as: IT governance, IT security policies and procedures, IT strategic planning, systems development, system access, change management, business continuity, and project management. Conduct general computer and application controls assessment and design appropriate tests of controls in relation to financial reporting and business processes. Communicate, both verbally and in-writing, effectively and clearly (with internal staff and external auditee) audit results and their implication in relation to financial reporting and auditee s business operations. Assist performance and financial audit teams with data analysis requests using specialized computerized audit software tools. Prepare documentation of all work performed and draft necessary reports. 1

Indicative Position Responsibility Distributions IT Audit 85% Planning, conducting and reporting audits/assessments within portfolio/lines of business Office wide Engagement 5% Office wide involvement on cross portfolio or operational committees Community of Practice 5% Building relationships across the public sector Other 5% As required Qualifications and Experience Education: Certification as CISA, CISM, CISSP or equivalent professional certification or equivalent post-secondary education. Five years of work experience in IT auditing. -or- Equivalent combinations of education involving a variety of formal technical courses in IT and related working experience. Experience: Experience should demonstrate competencies, such as: Knowledgeable in IT systems, processes, and controls. Ability to document and assess entity control environments and to evaluate risks and controls in those IT environments. Knowledgeable in use of specialized audit software such as ACL or equivalent. A good understanding of business process in accounting and reporting. Ability to communicate effectively and confidently to non-technical audiences. Ability to produce highly accurate work, and to document all work performed. Ability to quickly gain an understanding of any IT systems and applications in a business environment and achieve the level of knowledge in specific applications and systems required for carrying out audits. Ability to analyze and think creatively to address IT audit issues. A good understanding of concepts and fundamentals of auditing process understanding of IT audit processes is preferred. Experience in a public sector environment is an asset. Behavioural Competencies Foundation Personal Accountability Demonstrates accountability. Shares the problem and takes responsibility. Models professional and respectful behaviours. Business Acumen Demonstrates critical thinking and reasoning. Prioritizes tasks and assignments. Demonstrates ability to speak the language. Continuous Improvement Willingly adapts to shifting priorities. Actively participates and contributes ideas in team meetings and discussions. Identifies areas for improvement to work processes and practices. Leadership Corporate Planning Undertakes analysis and prepares accurate supporting information. Supports the implementation of specific initiatives/projects. Engage and Inspire Demonstrates ownership of work and pride in individual and others success. Sets up others to succeed. Collaborates with team members. Developing People Demonstrates a strong commitment to development. Informally coaches and mentors. Engages in career conversations with their supervisor. 2

Leading Change Understands the concepts of change management and stakeholder involvement. Identifies and communicates change management needs. Identifies impediments to change, and escalates as appropriate. Technical Competencies Planning Contributes to the development of project plans. Identifies and drafts potential project risks. Uses appropriate systems to organize and manage project data. Conducting Identifies, gathers and analyzes relevant project evidence. Produces well organized relevant documentation. Evaluates evidence and draws appropriate conclusions. Reporting Gathers information to inform recommendations. Provides clearly documented findings. Presents preliminary findings or conclusions. Service Focus Uses judgment to identify noncomplex client issues, and escalates to the relevant authority as appropriate. Provides well thought-out, concise and timely communications with clear messaging. Develops professional client relationships. Project Management Adheres to a project plan to guide priorities and tasks. Demonstrates ability to manage own individual workload. Identifies minor project risks or issues, and escalates to supervisor as appropriate. See additional technical competencies below **** Direct Supervision The position may be responsible for directly supervising staff from time to time. Organizational Chart Auditor General Assistant Auditor General IT Audit Director IT Auditor 3

This is an accurate statement of the position s assigned duties, responsibilities, and reporting relationships. This position description was created/revised/finalized in Month/Year. Reviewed By X Date Click here to enter a date. [] Approved By X Date Click here to enter a date. Carol Bellringer, Auditor General I have read this position description and understand the key responsibilities: Agreed to By X Date Click here to enter a date. [Name], incumbent 4

Appendix A IT Auditor Competency Core competencies for an IT auditor. Must be able to explain, describe, demonstrate knowledge of the concept and associated risk, analyze processes and controls, and draw reasonable conclusions of the following areas of competency. Competency IT Governance IT governance, security, operations, and control frameworks and standards (e.g., COBIT, ISO, PCI, ITIL) IT strategic planning (including alignment with objectives, tactical planning, performance measurement) IT risk management processes (e.g., enterprise risk management, threat risk assessments). IT policies, standards, guidelines, and procedures Data classification standards, guidelines, and processes IT service level management practices Third party assurance reporting (e.g., Service Organization Control reports) Management oversight and monitoring of IT controls Access Provisioning Logical security controls that restrict access to applications, databases, operating systems and networks User account/profile additions, modifications, and deletions Physical security controls that protect information assets (e.g., video monitoring, key card access) Network Security Management Network architecture Wireless network technologies Security testing techniques (e.g., penetration testing, vulnerability assessments) Firewall design and placement Intrusion Detection/Prevention System design and placement Tools and techniques used to protect against viruses, malware, and spyware System Development, Acquisition, and Change Management Project management methodologies (e.g., PRINCE2) Project management practices Systems Development and Acquisition practices Data and system conversion processes Change management for applications, databases, operating systems and network devices Computer Operations Operating system (e.g. Windows, Unix) and database (e.g., SQL, Oracle) technology components Configuration management for applications, databases, operating systems and network devices Data and media retention and destruction Encryption controls and techniques for computers, media devices, and electronic transmissions Scheduled and non-scheduled process management Level 5

Competency Data integrity processes (e.g., interfaces between systems, data input controls) Problem and incident management Data and system backup processes Disaster recovery, including testing and environment controls (e.g. air conditioning, fire suppression) IT Trends Risks and controls related to emerging technologies (e.g., cloud computing, social media, mobile devices) Level cc: Supervisor; Personnel file; Position file 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback