Apply on Employer Site

Brookhaven National Laboratory · 3 days ago

Senior Auditor IT, Principal Auditor - IT

Upton, NY

Full-time

Hybrid

Senior Level, Lead/Staff

$100K/yr - $138K/yr

6+ years exp

Brookhaven National Laboratory is a multidisciplinary laboratory committed to delivering discovery science and transformative technology. They are seeking a Senior Auditor IT who will plan and execute IT audit projects to assess internal control processes and operational performance, ensuring compliance with internal standards and professional guidelines.

Information TechnologyLife ScienceSearch Engine

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Executes complex IT audits across infrastructure, applications, cybersecurity, and governance processes, ensuring audits are completed on time and in accordance with internal standards and professional guidelines

Conduct risk-based audit planning, including development of risk assessments, audit scopes, test plans, and control evaluations

Identify and evaluate technology-related risks and controls, providing assurance that governance and security mechanisms are functioning effectively

Demonstrate strong knowledge of complex IT environments and apply industry trends, emerging risks, and best practices to audit execution

Prepare detailed, well-organized audit documentation and present audit findings and recommendations to department leadership and business management

Perform audits in accordance with the IIA Standards for the Professional Practice of Internal Auditing, NIST guidance, and applicable regulatory frameworks

Participate in reviews of systems under development or undergoing major changes

Contribute to identifying and refining audit coverage of emerging technology risks and potential areas for future audits

Provide support for data analytics initiatives within the Internal Audit team, including the development or review of analytics used to monitor or evaluate controls and risk indicators

Support or lead special projects such as fraud investigations, targeted risk reviews, or IT control consultations

Participate in financial, operational, and integrated audits, especially where IT plays a supporting role, and other duties as may be assigned

Qualification

IT auditingNIST Risk Management FrameworkCertified Information Systems AuditorIT risk assessmentData analyticsCloud securityRegulatory complianceAudit documentationCommunication skillsIndependent workTeam leadership

Required

Bachelor's degree in Computer Science, Information Systems, Accounting, Finance, or a related field; or equivalent experience generally based on the basis of 2:1(experience: college) years, relevant work experience may substitute education (2:1 ratio)

Minimum 6 years of experience performing audits including at least 2 years specifically in IT auditing, including experience leading audit engagements and presenting results to senior management

Demonstrated experience with the NIST Risk Management Framework (RMF) and deep understanding of NIST SP 800-53 Rev. 5 controls

Strong knowledge of IT risk assessment methodologies, control evaluation techniques, and regulatory compliance in federal or highly regulated environments

Professional certification required: Certified Information Systems Auditor (CISA); additional certifications such as CISSP, CRISC, or CISM are preferred

Proven ability to audit across a variety of IT areas, including cloud security, logical and physical access, change management, cybersecurity, application controls, and system development lifecycle (SDLC)

Familiarity with common platforms such as Windows, Linux, and major cloud service providers (e.g., AWS, Azure)

Clear and concise written and verbal communication skills, with the ability to clearly convey technical risks and control recommendations to both technical and non-technical audiences

Ability to work independently, manage multiple priorities, and deliver high-quality results under minimal supervision

Proficiency with Microsoft Office applications (Excel, Word, PowerPoint, Outlook, Access, Visio); advanced Excel or other data analytics tools preferred

Security clearance requirements: Must undergo and receive a favorable disposition in a preliminary background investigation (criminal, credit, prior employment, etc.); must be able to obtain and maintain a U.S. Department of Energy Q-level security clearance which requires that you: be a US citizen; have no felony convictions or other serious offenses; have an honorable discharge from military, and a good credit history. Obtaining and maintaining a security clearance is condition of employment