Senior Internal Auditor, Information Technology

Brown University

Job Description:

Performs risk informed (including the assessment of technological and operational risks) assurance and advisory reviews in a complex, decentralized, client service-oriented environment.

Reporting to a Director of Internal Audit and accountable to the Chief University Auditor, the Senior Internal Auditor, Information Technology position exists to participate in the creation, maintenance and execution of a comprehensive information systems audit program for Brown University.  The successful incumbent will need to become familiar with the mission of the University, its computing environment; participate in a continual risk assessment; and maintain a current inventory of information systems audit universe.

Will participate in examining the effectiveness, efficiency, and maturity of the University’s information privacy and security controls, as well as technology business process evaluations, through the use of data analytics and traditional internal audit methodologies. Will design and implement written audit procedures and programs, including authoring written reports to University management. Responsibilities include analyzing data, identifying trends, and interpreting and presenting results periodically and ad hoc to various levels of management. Will work with multiple clients in a highly collaborative matrix team environment.

Major Responsibilities:

Planning and execution of information technology audits and advisory services for Brown University’s internal audit function embedded within the University’s Risk, Audit and Compliance department. Assigned engagements are identified within the annual Internal Audit Services workplan approved by the Committee on Risk and Audit. 

Supporting Actions:

  • Perform IT audits and advisory engagements to assess information systems are operating securely and sensitive data is protected and accurate (including alignment with external standards and regulations).
  • Conduct work in accordance with Internal Audit Services Standards and professional standards issued by the Institute of Internal Auditors.
  • Prepare draft reports and communications to University management of the results of work, conclusions and any process improvement opportunities.
  • Advise area management on corrective actions and direct follow up work.

Conduct or participate within the ongoing risk assessment and audit planning efforts to ensure adequate coverage of University information technology risks. Continuous documentation of same within the audit universe framework of risks and controls.

Supporting Actions:

  • Participate in the development and maintenance of the IT Risk Assessment under the direction of the Director(s) of Internal Audit and oversight by the Chief University Auditor; including participating in identifying areas where business units should consider additional investment and areas for internal audit focus.
  • Provide Business and IT management with guidance on IT risk management matters, particularly on application and infrastructure security.

Participate in the strategic growth of Internal Audit Services in the enhancement of its methodology, approach, and models to provide internal audit services at Brown University.

Supporting Actions:

  • Maintain a current universe of auditable information technology entities.
  • Develop, build, or implement tools to analyze data to improve audit efficiency and effectiveness, (including for risk assessments).
  • Ultimately be a source for analytics that business units adopt to provide business insights or for continuous auditing.

Build and nurture working relationships with University Personnel and other audit clients and stakeholders.

Job Qualifications:

Education and Experience

  • Bachelor’s degree, preferably with a concentration in information technology, finance, accounting, or related field.
  • Minimum of five years of experience in information technology internal auditing and/or consulting, preferably in an education or nonprofit organization.
  • A solid understanding of the concept of governance, risk and controls; information security; and project management is essential.
  • An understanding of information technology management practice or security frameworks (e.g. NIST, ITIL, ISO, etc.) and their application within a complex, distributed, research intensive environment is strongly desired. 
  • Proven analytical ability to assess information system compliance against internal standards and policies, as well as all pertinent external regulatory requirements (e.g. FERPA, HIPAA, GLBA, PCI, etc.).
  • Possession of (or the ability to obtain) professional certification is desirable (e.g. CISA, CISSP, CPA, CIA, etc.).
  • A working knowledge of electronic audit tools and data analytic concepts (e.g. ACL, R, Cognos, etc.) is preferred.
  • Must demonstrate strong analytical, interpersonal, and verbal and written communication skills and the ability to communicate effectively.
  • Must be able to interpret and convey technical information to all levels of technical aptitude, including senior management.
  • Demonstrated ability to support a community of diverse perspectives and cultures in an inclusive environment. 

Job Competencies

  • Excellent communication skills
  • Customer-focused, customer service oriented
  • Excellent attention to detail and organization skills
  • Initiative and ability to work independently and as a member of a team
  • Ability to multi-task and prioritize workload
  • This position requires a strong commitment to promoting diversity

Please include a cover letter when submitting an application.

Background check satisfactory to Brown University.

In order to maintain 90% or greater universal vaccination rates on campus, all newly hired employees at Brown University must receive the final dose of the COVID-19 vaccine before they begin work, unless they are approved for a medical or religious exemption. For more information, please visit the Healthy Brown site. 

Recruiting Start Date:


Job Posting Title:

Senior Internal Auditor, Information Technology


Internal Audit Services


Grade 11

Worker Type:


Worker Sub-Type:


Time Type:

Full time

Scheduled Weekly Hours:


Position Classification:

Hybrid Eligible

Submission Guidelines:

Please note that in order to be considered an applicant for any staff position at Brown University you must submit an application form for each position for which you believe you are qualified. Applications are not kept on file for future positions. Please include a cover letter and resume with each position application.

Still Have Questions?

If you have any questions you may contact [email protected] .

EEO Statement:

Brown University is an E-Verify Employer.

Brown University is committed to fostering a diverse and inclusive academic global community; as an EEO/AA employer, Brown considers applicants for employment without regard to, and does not discriminate on the basis of, gender, sex, sexual orientation, gender identity, national origin, age, race, protected veteran status, disability, or any other legally protected status.

View or Apply
To help us track our recruitment effort, please indicate in your email – cover/motivation letter where ( you saw this job posting.