Job Opening: IT Audit Director (Statewide)

(CSA966) Grade 19: $125,000.00-- $160,000.00/yr.  (Commensurate with experience)

This position will be based out of the Boston, Brockton, Marlboro, or Chicopee OSA offices.  Please indicate your geographical preference in office location when applying per the application instructions below.

The Office of the State Auditor (OSA) offers a unique opportunity to work in a government environment that is high profile, has high expectations but is also committed to sustaining a healthy work/life balance.

The IT Audit Director (Director) oversees all aspects of the operations of the OSA’s IT Audit Unit.  The Unit will consist of an audit manager and approximately 6 to 8 other staff ranging from field auditors to audit supervisors. The IT Audit Unit conducts various types of IT audits of state agencies, departments, programs, and vendors who contract with the Commonwealth. The Director will also be responsible for developing training plans for personnel within the IT Audit Unit and will ensure that all work is completed in a timely and professional manner in accordance with Generally Accepted Government Auditing Standards (GAGAS) as well as OSA policies and procedures.

Please note that in response to COVID-19, OSA has developed a hybrid work model. Beginning in January 2022, employees are expected to work 40% of their work week in office, with 60% telecommuting. Also, as a requirement of employment, all OSA employees are required to provide proof of COVID-19 vaccination, or provide a negative COVID-19 PCR test weekly in order to access offices or worksites.

Work under the supervision of the First Deputy Auditor.

Exercise general supervision over all staff in the IT Audit Unit.

The IT Audit Director is expected to perform a variety of tasks, including, but not limited to, the following:

• Developing an annual IT audit plan that will specify the audit work to be conducted at each state agency. The scope and frequency of the audits will depend on the risk and the impact of potential deficiencies in the IT related processes and systems within the respective agency.  The risks can be related to traditional financial impacts, but also to issues which could violate certain regulatory requirements. This will require the identification of relevant state and/or federal regulatory requirements which apply to the particular agency (e.g., HIPPA, COSO, the Commonwealth’s Executive Office of Technology Services and Security standards). 

• Hiring and training staff for the IT Audit Unit. This will include developing areas of responsibilities for each position, qualifications for these positions, and training plans;

• Establishing and facilitating the achievement of annual divisional goals that are in line with OSA’s strategic plan;

• Assessing the progress of ongoing audits to (1) determine if changes in scope or objectives are needed, (2) provide technical advice as needed, (3) ensure compliance with professional standards and office policies, and (4) ensure conformity with approved audit program;

• Coordinating all audit work, reviewing audit reports prior to formal release, and reviewing supporting work papers to ensure that reports are well written and findings and conclusions are properly supported;

• Ensuring the timely completion of all audits and that all work is performed in accordance with applicable standards;

• Evaluating the performance of the IT Audit Manager and reviewing evaluations performed by the IT Audit Manager on IT Audit Unit field staff;

• Working with other division Directors to ensure that OSA audit activities are effectively coordinated;

• Representing OSA at meetings with agency officials, contractors, grantees, and others;

• Participating in presentations to internal and external groups;

• Performing other duties as required by the First Deputy Auditor.

In addition to the direct responsibilities, the Director will also develop and update as necessary, a plan to ensure that the IT Audit Unit has the ability to effectively audit future technological developments at state agencies.  Examples include, the use of: crypto assets, block chain, and facial recognition for IT systems access.

Educational:

Successful candidates should possess a bachelor’s degree in accounting, business administration or a business related field.

Work Experience:

Successful candidates should have at least 7 years of experience in auditing with a particular focus on evaluating IT processes and systems.  At least 5 of those years must be in a supervisory position. Experience in other fields such as health care, fraud examination, and regulatory compliance a plus. In addition, candidates should demonstrate the following skills:

• Proven experience in leading and motivating others;

• Strong collaboration, interpersonal management, and relationship skills;

• A  knowledge of Massachusetts government agencies and state laws and regulations;

• Demonstrated strong oral and written communications skills;

• Demonstrated leadership skills.

Certifications:

Either a CPA or CISA certification.  Other relevant certifications such as CISSP, CIA, and CRISC are a plus.

Experience and expertise in the following areas will also be important considerations:

• A Master’s degree in Business Administration, Public Administration, Information Systems or a related field.

• Significant experience in performing and supervising IT audits of government agencies in accordance with GAGAS.

• Significant experience in evaluating IT general controls and IT application controls within the COBIT and NIST Frameworks.

We require that all applicants have a valid Massachusetts driver’s license and that they maintain a safe driving record.

No Phone Calls Please:

To apply, please submit an electronic copy of a cover letter and resume, no later than September 28, 2022 via the MassCareers website: Click Here

The Office of the State Auditor is committed to providing equal employment opportunities. Employment actions such as recruiting, hiring, training, and promoting individuals are based upon a policy of non-discrimination. Employment decisions and actions are made without regard to race, color, gender, religion, age, national origin, ancestry, sexual orientation, gender identity and expression, disability, military status, genetic information, political affiliation, or veteran’s status.