Senior Auditor

Please provide a cover letter and resume uploaded as one document. The cover letter should outline:

• Your skills and experiences that directly relate to the position responsibilities
• The specific reasons for your interest in this position

The University of Michigan
The Chronicle of Higher Education has consistently featured the University of Michigan on its list of Great Colleges to Work For. With three campuses, 19 schools and colleges, world-class research facilities, and an exceptional health system, the University of Michigan is consistently ranked as one of America's top public universities.

Office of Audit Services
Audit Services at the University of Michigan is a team of 22 professionals who provide high-quality assurance, management advisory services, and other value-added services designed to assess and improve risk management, internal controls, compliance, and governance processes across the University of Michigan.

We encourage teamwork, respect for others, continuous improvement, honest and ethical behavior, creativity and innovation, lifelong learning, and balancing professional and personal priorities. We value respect, integrity, professionalism, and accountability. We operate in accordance with the IIA Global International Standards and the IIA Code of Ethics. Please see (Use the "Apply for this Job" box below). for additional information.

The University of Michigan offers a comprehensive benefits package to help you stay well, protect yourself and your dependents, and plan for a secure future.

Being part of something greater, of serving a larger mission of discovery and care that's the heart of what drives people to work  some way, great or small, every person here helps to advance this world-class institution. It's adding a purpose to your profession. Work at Michigan and become a victor for the greater good.

Audit Services at the University of Michigan seeks an outstanding senior auditor to join our team. Audit Services is a resource and provides service to all areas of the university. We offer a challenging environment, professional growth opportunities, and work/life balance. Travel to branch campuses and conferences is rare but may be required. The successful candidate will be responsible for planning and performing IT audits and advisory engagements across all three campuses and Michigan Medicine.

Engagements may include reviews of information systems, cybersecurity controls, IT governance, and related processes

Key responsibilities include:

• Plan and perform IT audits, including risk assessment, audit planning, fieldwork, analysis, evaluation of the adequacy of IT controls, and preparation of audit reports
• Assess adherence to university policies and accepted standards (e.g., NIST, FERPA) and evaluate systems for confidentiality, integrity, and availability
• Evaluate security controls for effectiveness, efficiency, compliance with legal requirements, and alignment with management objectives
• Perform risk-based technical assessments of information systems and cybersecurity controls, which may include configuration reviews, vulnerability assessments, or other targeted security testing activities, as appropriate
• Partner with institutional and cybersecurity teams to evaluate detection, response, and recovery capabilities
• Evaluate the maturity of security architectures, identity and access management controls, and cloud configurations (e.g., AAWS, Azure, GCP)
• Serve as a technical resource within Audit Services for cybersecurity risk, emerging threats, and technology-related control considerations
• Proactively keep the associate director informed of audit progress, emerging risks, and significant issues
• Assist with the support, configuration, and maintenance of audit management tools
• Perform other duties and special projects as assigned

This position requires effective communication with audit clients and collaboration with colleagues across Audit Services. A supportive and collaborative team environment is essential, along with proactive communication and sound judgement.

• Bachelor's degree in management information systems, accounting, computer science, or related field
• Relevant information technology experience and/or IT audit experience in a distributed and sophisticated information technology environment
• Demonstrated expertise related to information systems auditing concepts, including security and control risks in the areas of logical and physical security, access controls, change management, data protection, operational resilience, networking, and modern cloud-based environments
• Experience collecting and analyzing complex data, evaluating information and systems, drawing logical conclusions, and working collaboratively
• Working knowledge of information technology and security best practices, control frameworks, business process mapping, and risk and controls identification
• Excellent written and verbal communications and the ability to interact effectively with…