Associate Director

About the Opportunity

This job description is intended to describe the general nature and level of work being performed by people assigned to this classification. It is not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

JOB SUMMARY

Reporting to the Director of Audit & Advisory Services, the Associate Director - IT Audit is responsible for assessing, evaluating and making recommendations to management regarding the effectiveness of information technology (IT) risk management, governance, and internal controls inherent in the processes and activities of the University.

The Associate Director - IT Audit will serve as a subject matter expert in evaluating IT risk, governance, and controls. The Associate Director - IT Audit leads the IT audit program which has been established to evaluate the system and process controls to ensure the confidentiality, integrity, and availability of the university's information assets and data. To meet the program's objectives, the Associate Director - IT Audit will examine the University's IT infrastructure, systems, processes and technology-dependent operations.

The Associate Director - IT Audit serves as a strategic partner to IT Leadership on digital transformation initiatives, providing risk-informed guidance during the planning and design phases of major technology investments, system implementations, and digital transformation initiatives. This role helps ensure that risk and controls are proactively and properly embedded rather than assessed reactively. The role is also expected to identify opportunities to leverage technology and enhance operational excellence across the University.

The role will lead high-impact audit projects and advisory engagements and deliver strategic insights to university leadership. Our cross-functional approach to auditing involves close collaboration between IT and Operational audit areas. In this capacity, the Associate Director will need to be familiar with the mission and strategy of the University and is expected to generate value-added recommendations that enhance the University's overall operations. The role requires strong leadership, project management, communication skills, and significant exposure to Senior Management throughout the organization.

The Associate Director will coordinate IT risk assessments, identify emerging IT risks, be familiar with complex systems and IT transformation projects, and maintain the IT audit universe which informs the development of the annual enterprise risk-based IT Audit Plan.

The Associate Director - IT Audit is expected to:

• Perform and oversee professional audit work, individually and as a team leader, in conducting reviews of assigned organizational activities in accordance with both IIA and departmental standards.
• Plan and execute IT audit projects designed to provide an assessment of internal control processes and operational performance.
• Prepare detailed plans for performing individual audits including the identification of key IT risks and controls, determination of audit objectives, and development of an appropriate audit program. Use knowledge of the current environment and industry trends to identify potential issues and risks.
• Under minimal supervision, develop clear, concise, accurate, and complete audit work papers to support findings and recommendations, and write clear and concise reports for management.
• Conduct or assist in the performance of special projects or studies, including risk assessments, fraud investigations, audit department policy updates, and due diligence reviews.
• Participate in University-wide initiatives, bringing a risk and controls perspective to institutional planning, transformation, and technology strategy.
• Oversee engagements with external auditors, as needed, ensuring quality, consistency, and timeliness in deliverables.
• Assist the Director with resource planning and organizational strategy to meet department and University needs.

MINIMUM QUALIFICATIONS

• 7 or more years of experience in auditing, compliance, risk management, or IT security.
• Knowledge and skills required for this position are normally acquired through a bachelor's degree in management information systems, Information Security/Assurance, Computer Science, or a related discipline plus professional work experience in IT Auditing, Compliance, and/or Information Security roles. Master's degree is a plus.
• Demonstrated experience leading complex IT audits and advisory engagements in complex, decentralized, and matrixed organizations.
• Project management skills with demonstrated experience in meeting project timelines and deliverables and the ability to handle multiple project assignments simultaneously.
• Excellent written and verbal communication skills, effective report writing, and comfort presenting complex findings to both technical and non-technical audiences.
• Proven ability to build relationships and influence across diverse group of stakeholders.
• Understanding of the Institute of Internal Auditor's International Professional Practices Framework, COSO Framework, and/or other professional internal control guidance.
• Working knowledge of security and technology frameworks (e.g., NIST, COBIT).
• Proficiency with data analytics using Excel, Tableau, Cognos, or PowerBI is preferred.
• Proficient with Microsoft Office applications including Word, Excel, Power Point, and Visio.
• Certification as CISA, CITP, CISSP, CISM preferred, or working towards same.
• High degree of professionalism, integrity, and accountability.
• Experience managing and mentoring audit teams.
• Strong analytical and problem-solving skills.

KEY RESPONSIBILITIES & ACCOUNTABILITIES

1) IT Audits:

• Lead the execution of the IT audit program and manage progress towards program completion.
• As a team lead or individually, perform IT audits to provide an assessment of systems, processes and strategies for adherence with internal controls, and to determine that adequate policies and procedures exist to support operations.
• As a team lead or individually, identify audit objectives and scope for each review, develop audit programs, perform interviews and testwork, develop clear and concise audit work papers to support findings and recommendations, and write clear and concise reports to management.
• As a team lead or individually, manage and perform audits including, but not limited to, the following areas: General IT Controls, Data Security & Privacy, IT Compliance, IT Risk Assessments, IT Governance, and IT Operational Assessments.
• As a team lead or individually, conduct integrated audits which evaluate IT, operational, and financial controls. Work collaboratively with fellow members of the Audit & Advisory Services team.
• Perform pre-implementation reviews for new or modified application systems to assess application, data integrity and security controls. Demonstrate and apply a thorough understanding of complex information systems.
• Participate in ongoing IT risk assessment, identifying emerging IT risk, maintaining the IT audit universe. Continuously assess the evolving IT risk landscape and keep current the IT audit universe and risk assessment model to inform IT audit priorities and resource allocation.
• Lead audits and assessments of emerging technologies including artificial intelligence, machine learning, robotic process automation, and the like.
• Audit work performed must adhere to the Institute of Internal Audit's (IIA) Standards for the Professional Practice of Internal Auditing. Through the course of performing audits, identify process improvement opportunities, as needed, and work with Audit & Advisory Services management on ongoing quality assurance efforts.
• Develop and maintain relationships with Information Technology Services management.

2) Advisory and Special Projects:

• Review system security, controls, and user adoption risks to provide risk-informed advisory support and guidance to IT leadership during the pre-implementation phases of major technology initiatives.
• Lead or individually contribute to advisory projects, including pre-implementation system reviews, strategic technology initiatives, data governance programs, and resiliency/risk-response planning.
• Participate and contribute to University-wide initiatives.
• Perform advisory engagements, special reviews and confidential internal investigations, as assigned.

3) Supervisory, Professional Development and Lifelong Learning:

• Seek ways to continuously develop professionally through attendance at seminars, in-house training sessions, professional exams/certification, and self-study.
• Carry forward information gathered into executing the audit plan.
• Foster a culture of continuous improvement and learning within the department.
• Supervise and evaluate the work of staff on projects. Provide opportunities to cross-train staff on audit activities and methodologies.
• Manage and develop audit staff, build technical audit capabilities across the team, support professional development plans, and conduct performance evaluations.
• Assist the Director with assessing staff resources to ensure delivery of timely and high-quality audit projects, advisory support, and investigations.

Position Type

Legal and Regulatory Administration

Additional Information

Northeastern University considers factors such as candidate work experience, education and skills when extending an offer.

Northeastern has a comprehensive benefits package for benefit eligible employees. This includes medical, vision, dental, paid time off, tuition assistance, wellness & life, retirement- as well as commuting & transportation. Visit https://hr.northeastern.edu/benefits/ for more information.

All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, religion, color, national origin, age, sex, sexual orientation, disability status, or any other characteristic protected by applicable law.

Compensation Grade/Pay Type:
112S

Expected Hiring Range:
$97,550.00 - $141,443.75

With the pay range(s) shown above, the starting salary will depend on several factors, which may include your education, experience, location, knowledge and expertise, and skills as well as a pay comparison to similarly-situated employees already in the role. Salary ranges are reviewed regularly and are subject to change.

---