IT Internal Auditor

At the Ohio Office of Budget and Management, it is our mission to provide policy analysis, fiscal research and financial management services to the Governor and agencies of state government, helping to ensure the proper and responsible use of state resources.

As a cabinet-level agency within the executive branch of state government, OBM develops, coordinates and monitors the individual budgets of state agencies and reviews all financial transactions made with public funds.

What we need:
IT Internal Auditor

What we do:
The Ohio Office of Budget and Management (OBM) is the fiscal backbone of the State of Ohio enterprise. OBM works with the Governor and every state agency in providing policy analysis, fiscal research, and financial management services. We help state agencies shape Ohio’s future by ensuring the proper and responsible use of state resources!

What You'll Do:

The position evaluates information technology processes and/or procedures to assess IT-related risks, evaluates design and/or effectiveness of IT controls, and determines compliance with IT industry standards and best practices to provide objective conclusions and recommendations.  IT reviews can include but are not limited to the following: application/software development, database security, access controls, IT general controls (e.g., IT operations, physical access, IT change management), IT infrastructure, NIST cybersecurity, patch management, security and privacy controls, and cloud computing. The role requires the ability to work independently and as part of a team to perform quality work that adheres to the professional internal audit standards.  Duties include but are not limited to: 

• Managing responsibilities and multiple concurrent projects with tight timelines. 
• Identifying and defining audit scope and objectives and developing criteria to effectively execute detailed audit work programs and procedures.  
• Exhibiting the highest level of objectivity in gathering, evaluating, and communicating information about the system or process being reviewed. 
• Conducting interviews and walkthroughs with agency subject matter experts. 
• Analyzing technical documents to determine relevant controls and performing testing to ensure controls are adequately in place.
• Determining underlying causes of issues and developing recommendations to adequately address identified issues. 
• Preparing work papers, which includes clear and concise written observations. 
• Performing follow-up activities on prior audit issues reported and validating adequate agency remediation. 
• Documents business processes within process narratives or flowcharts, identifying risks and mitigating controls.
• Develops risk and control matrices and test plans for key controls.
• Provides guidance and training to new auditors.

Preferred Qualifications:

• Ability to assist in non-IT reviews, such as business processes.
• Prior experience conducting IT and cybersecurity-related audit OR auditing or IT auditing experience.
• Certified Information Systems Auditor (CISA) or other relevant certification.
• Knowledge and understanding of NIST 800-53 security controls.
• Demonstrates verbal and written communication and strong partnering skills.
• Experience in creating process documentation, developing audit plans, and performing audits required
• Knowledge of MS Word, Excel, Visio and PowerPoint; Cloud Computing, TeamMate, Data Analytics experience a plus

We celebrate diversity and are committed to creating an inclusive environment for all employees.  Apply today for the next step in your career and an opportunity to contribute to shaping Ohio’s future!

<