Returning Candidate?

IT Auditor II

IT Auditor II

# Positions 
Information Technology - All Openings
Travel Requirements 

More information about this job


Under general supervision, the Staff II IT Auditor assists the department with audit functions such as identifying and assessing risks and participating in the annual Audit Plan.  This role performs 75% assurance activities and 25% advisory activities in the IT Audit space.  This role communicates with the direct manager, team, departments throughout NASCO, and vendor resources regarding projects and initiatives.


  • Interacts with and interviews business area personnel in order to gather information, interpret results, communicate potential risks/issues and develop appropriate corrective actions including strengthening controls, improving efficiency and effectiveness of operations and controlling costs to be communicated to the Senior IT Auditor.
  • Performs follow-up to validate completion of action plans noted in internal and external audits. 
  • Gathers and analyzes information (such as walkthrough findings/key controls/testing samples) from process owners to fulfill internal and external audit requests and labels documentation appropriately for easy tracking and review.
  • Tracks and monitors execution and closure of audit action plans by entering information into the Audit database.
  • Reviews, assesses, and retains evidence to ensure that audit action items were closed successfully
  • Analyzes and evaluates IT operations and strategies to identify opportunities for improvement in processes and outcomes.
  • Works collaboratively with the project team to identify project and post-implementation risk/issues and co-develop recommendations for corrective actions. 
  • Identifies, researches, collects, and maintains best practices and benchmarking information related to NASCO’s IT business operations. 
  • Maintains a repository of IT audit issues and relative corrective action plans in order to update management on outstanding issues and potential risks on a scheduled basis.
  • Participates in the performance of risk assessment of the business process and project level by contributing to and leading some of these discussions.  
  • Assists in the coordination/management of increasingly complex external audits of IT information systems operations as assigned.
  • Prepares detailed work papers and written correspondence in support of audit findings.
  • Maintains effective relationships with the NASCO’s internal and external customers at the appropriate levels.
  • Performs audit testing on selected key controls.
  • Performs other duties as assigned by Senior IT Auditors or ERM Director.


Required Knowledge, Skills, Abilities and Experience:

  • 3 to 5 years of experience working as an IT auditor or IT risk adviser for a public accounting firm, a professional services firm, or within industry OR at least 2 years working for a Big Four Accounting firm on audits
  • Experience in applying relevant technical knowledge in at least two of the following engagements: (a) financial statement audits; (b) internal or operational      audits; (c) SOC  engagements; and/or (d) Mainframe UNIX or Midtier (AIX), SQL, DB2, and Active Directory
  • Proven success in IT Auditing  
  • Knowledge of Microsoft Office Suite with advanced level Microsoft Excel skills.
  • Knowledgeable about PC applications and IT audit related issues concerning operating systems (computer networking, firewalls, penetration tests, access control software (and database management systems). 
  • Knowledge of best practices and industry standards as laid out by ISACA, the AICPA and other organizations.
  • Knowledge and fundamental understanding of the following types of audits: (a) financial statement audits, (b) internal or operational audits, and (c) SOC  engagements
  • Knowledge of technologies such as Mainframe UNIX or Midtier (AIX), SQL, DB2, and Active Directory  
  • Knowledge of Audit Command Language (ACL), MySQL, or Microsoft Access.
  • Advanced written and verbal communication skills.
  • Good analytical skills, judgment, and strong decision-making ability.
  • Strong research skills in order to determine which standards and practices to follow.
  • Ability to work effectively in a team-oriented atmosphere. 
  • Ability to prioritize and manage multiple complex tasks
  • Ability to meet aggressive deadlines. 
  • Ability to follow documented instructions
  • Ability to ask probing, thoughtful follow-up questions to gain better understanding as needed to complete tasks
  • Demonstrated integrity within a professional environment
  • Must be highly motivated, organized, and committed to professional development, with demonstrated career progression and achievement.

Desired Knowledge, Skills, Abilities and Experience:

  • Experience working with Project Management processes.

Required Training and Education:

A Bachelor's degree in Business, Accounting, Finance, Computer Science, Information Systems, Engineering, or a related discipline

Desired Training and Education:

At least one of the following certifications are desired: CISA, CISSP, CISM, CIA, CGEIT, or CRISC. Non-certified hires are required to become certified to be eligible for promotion; the CISA would be the preferred certification if no other certification is held.




NASCO is a Minority/Female/Disability/Vet/Affirmative Action Employer.