Internal Audit Manager – IT

Website City of Richmond - City Auditor's Office

The City of Richmond Office of the City Auditor is seeking highly qualified candidates to fill the position of Internal Audit Manager.  The incumbent is responsible for providing oversight of staff and ongoing evaluation of the City’s information technology infrastructure, processes, systems, and protocols.

The IT Audit Manager position is responsible for leading information systems audits of a variety of process environments throughout the city that evaluate the effectiveness of internal controls established to manage the city’s most significant risks. The IT Audit Manager will plan and execute audit engagements. The role includes leading a team in conducting interviews and walkthroughs with process owners; developing and executing audit test steps associated with related controls; and preparing workpapers to document the audit work performed to support conclusions reached.

Work involves leading technical audits and data analysis of information systems, platforms, and operating procedures and preparing working papers, audit findings, and audit reports, in accordance with established information system audit standards. Additionally, the IT Audit Manager may actively participate, assist, or manage non-IT audits or projects. This position reports to the Deputy Department Director.

This is a position which requires implementing effective leadership, requires a high-level of IT expertise, and strategic thinking.  The successful candidate will have numerous opportunities to work closely with agency stakeholders and decision makers and be a key influencing team member as it relates to ensuring IT practices and service delivery.  If this piques your interest and your qualifications are a solid match, read on and apply.

**This position is unclassified.  Therefore, the incumbent will serve at the will of the Appointing Authority.**
Duties include but are not limited to
Managing professional audit staff team(s) responsible for conducting audits or evaluations of city departments and programs that include but are not limited to effectiveness, efficiency, governance, compliance with NIST standards, and internal control objectives following Generally Accepted Government Auditing Standards (GAGAS) guidance as promulgated by the U.S. Government Accountability Office (GAO)
Working with Office leadership to make initial assessment of issue(s) or problem area(s) by researching best practices, trends, and historical and current data, along with related laws, policies, procedures, methods and/or practices, defining the scope of work, developing the methodology for the collection of relevant data, and assembling and designating data into meaningful formats
Developing or modifying work plans, methods, and procedures, determines work priorities, and develops work schedules to provide adequate staff coverage
Providing work instruction and coaching, assists employees with difficult and/or unusual assignments; encourages innovation
Successfully overseeing and managing multiple engagements simultaneously
Ensuring that work activities fully comply with GAGAS and the Office of the City Auditor’s operating policies and procedures
Examining internal IT controls, evaluate the design and operational effectiveness, determine exposure to risk, and develop remediation strategies
Testing and identifying network and system vulnerabilities and create counteractive strategies to protect the network
Communicating complex technical issues in simplified terms to the relevant staff
Performing regular audit testing and provide recommendations
Reviewing, evaluating, and testing application controls
Providing recommendations and guidance on identified security and control risks
Developing a strong understanding of business and system processes
Performing other related duties as assigned
Qualifications, Special Certifications and Licenses

Knowledge, Skills & Abilities (or some combination of the following):

Generally accepted information technology audit and financial standards and practices
IIA’s International Standards for Professional Practice of Internal Auditing and Code of Ethics, ISACA’s IS Audit and Assurance Standards and code of Professional Ethics, and GAO Standards
Financial and non-financial systems, processes, and practices
Information technology security and control practices
Information technology management practices
Computer Assisted Audit Techniques (CAATs)
Standard techniques and methods for detecting fraud
Collecting and analyzing complex data
Evaluating information and systems
Drawing logical conclusions
Assessing the effectiveness of internal controls over key information technology risks
Identifying significant exposures
Analyzing transactions and management information
Detecting changes in key risks and/or control effectiveness
Developing appropriate recommendations to address exposures
Using analytical software tools, data analysis methods, and other computer applications
Developing audit programs
Managing audit projects
Display a high level of self-motivation
Work in a team environment as well as individually
Utilize resources and training to perform reviews
Work on multiple assignments within agreed upon priorities and timelines
Establish and maintain working relationships with co-workers, staff, and management to achieve common goals
Plan, organize, and prioritize multiple assignments to effectively manage a fast paced and changing work environment without compromising accuracy
Apply information system auditing skills to a wide variety of policies, practices, and systems found with county government

Bachelor’s degree in information technology or computer information systems or related field
Five (5) years supervisory experience in IT auditing with a minimum of three (3) years of experience in government
An equivalent combination of training and experience (as approved by the department) may be used to meet the minimum qualifications of the classification
Preferred Experience:Specialized experience with computers, information security, network, websites, and/or other related technical audits
Experience auditing systems including accounting systems, administrative systems, property accounting, or payroll/personnel reporting systems
Experience in government auditing
Experience in analyzing internal controls
Experience in performing risk assessments
Experience with Audit Command Language (ACL)
LICENSING, CERTIFICATIONS, and/or OTHER SPECIAL REQUIREMENTS: Certified Information Systems Auditor (CISA) required.
Certified Public Accountant or Certified Internal Auditor preferred.

To apply for this job please visit