Commonwealth of Pennsylvania

POSITION DESCRIPTION FOR JOB POSTING

Position Number: 00227832
Description Activated On: 11/21/2024 11:50:45 AM
Position Purpose: Describe the primary purpose of this position and how it contributes to the organization’s objectives. Example: Provides clerical and office support within the Division to ensure its operations are conducted efficiently and effectively.

The Senior Internal Auditor is responsible for specialized audit work examining financial and operational processes with a focus on IT systems auditing. The position plans and executes complex IT audits to assess the adequacy and effectiveness of controls, ensuring compliance with policies, procedures, and regulations, and evaluating the security of systems and data. This role involves leading audit engagements, advising on IT risks, and providing recommendations for process improvements across the State Employees Retirement System (SERS) technology landscape.
Description of Duties: Describe in detail the duties and responsibilities assigned to this position. Descriptions should include the major end result of the task. Example: Types correspondence, reports, and other various documents from handwritten drafts for review and signature of the supervisor.

AUDIT PLANNING & EXECUTION
Lead and conduct comprehensive IT audits, including risk assessments, to evaluate the effectiveness of IT controls, processes, and systems. Conduct research to understand the agency’s IT environment, including system architecture, applications, networks, and security frameworks. Develop audit programs and perform detailed testing of IT controls in areas such as system access, change management, data integrity, cybersecurity, disaster recovery, and network security to evaluate IT processes, controls, and system functionality against established criteria and best practices. Ensure audits are performed in accordance with standards set by governing bodies (e.g., IIA, ISACA) and internal policies.

RISK ASSESSMENT AND CONTROL EVALUATION
Perform risk assessments to identify key risks, control gaps, and areas for improvement in IT processes, systems, and infrastructures. Evaluate the design and operational effectiveness of IT controls related to data security, system integrity, access management, and compliance. Assess compliance with IT policies, industry regulations, and best practices in cybersecurity and data protection. Analyze the alignment of IT controls with industry standards (e.g., NIST, ISO, COBIT) and applicable regulatory requirements.

AUDIT REPORTING
Prepare clear, concise, and well-supported audit reports summarizing findings, conclusions, and recommendations. Present audit findings to senior management, including actionable recommendations for risk mitigation and control improvement. Follow up on audit findings to ensure timely remediation by management and report on status during subsequent audits or risk assessments. Recommend practical solutions and improvements to enhance IT control effectiveness and mitigate known risks.

COLLABORATION AND STAKEHOLDER ENGAGEMENT
Work closely and maintain effective relationships with IT, cybersecurity, and business units to enhance collaboration throughout the audit process. Provide guidance on remediation plans and monitor progress in addressing identified issues. Engage with external auditors, consultants, and regulatory bodies as needed to support external reviews. Proactively communicate with stakeholders on potential risks and emerging threats, encouraging an environment of transparency and accountability.

CONTINUOUS IMPROVEMENT
Stay current with emerging IT risks, technologies, and trends (e.g., cloud computing, artificial intelligence, and digital transformation) to ensure audits are forward-thinking and relevant. Participate in the development and enhancement of IT audit methodologies and procedures. Help drive innovation within the Internal Audit Office by exploring and implementing audit tools, analytics, and methodologies to increase efficiency. Participate in training and professional development to enhance audit skills, technical knowledge, and understanding of IT environments.

LEADERSHIP AND MENTORSHIP
Provide guidance and mentorship to staff and contribute to their professional development. Lead audit teams on specific engagements and coordinate efforts to ensure quality and timely completion.

OTHER
Performs specialized audit work examining financial and operational processes as needed. Stays apprised of new and proposed regulatory issues and technology updates. Interact with external business partners, consultants, and regulatory agencies as needed. Provide input to the annual audit planning by identifying new IT areas for review based on risk assessments, technological changes, and agency needs. Functions as a member of the Business Continuity Plan team, as necessary, in the event of a disaster. Performs other, related duties as required.
Decision Making: Describe the types of decisions made by the incumbent of this position and the types of decisions referred to others. Identify the problems or issues that can be resolved at the level of this position, versus those that must be referred to the supervisor. Example: In response to a customer inquiry, this work involves researching the status of an activity and preparing a formal response for the supervisor’s signature.

This position reports to the Assistant Internal Audit Director. Work performed requires the ability to remain objective and to function independently from SERS operational divisions and staff. The incumbent performs work with autonomy and has discretion in developing audit scope, audit objectives, and audit plans, as well as with examining and evaluating data and reporting on audit findings and recommendations. The incumbent will work directly with the auditee in finalizing the written audit report, obtaining responses to recommendations, and developing reports of finalized results for the Audit, Risk and Compliance Committee when required.
Requirements Profile: Identify any specific experience or requirements, such as a licensure, registration, or certification, which may be necessary to perform the functions of the position. Position-specific requirements should be consistent with a Special Requirement or other criteria identified in the classification specification covering this position. Example: Experience using Java; Professional Engineer License

Experience: Licenses, registrations, or certifications: 1. N/A 2. N/A 3. N/A 4. 5. 6.
Essential Functions: Provide a list of essential functions for this position. Example: Transports boxes weighing up to 60 pounds.