Requisition Number: 76431
Date: Nov 9, 2020
Durham, NC, US, 27710
Personnel Area: CENTRAL ADMIN MANAGEMENT CTR
The Office of Audit, Risk and Compliance (OARC) is a dynamic professional environment focused on strategic risk assessment; operational, performance and financial risk and control assessments; process and control environment consultation; and proactive engagement in emerging issues discussion with clients and institutional leadership.
The Technology Risk Assurance Manager supports the OARC mission and objectives through highly engaged support of the Audit and Compliance directors and audit/compliance teams. The Technology Risk Assurance Manager also is responsible for performing risk assessments, client communication, audit and advisory project planning and execution, engagement leadership, report delivery, and follow-up consultation. Valuable professional attributes include strong relationship-building skills; confident communication style; appropriate assertiveness, diplomacy and personal initiative; and the ability to facilitate collaboration across all levels of the institution, including the university and health system. Work performed includes:
Duties and Responsibilities
• Act as a trusted advisor and partner in technology risk-based decision making with business, information technology (IT), and information security stakeholders
• Identify and analyze the inherent risks in applications and supporting infrastructure and the controls that management has implemented to mitigate risks
• Assist in the development of individual audits to ensure that projects and stakeholders focus on key risks and controls
• Lead, manage and execute complex IT assessment projects including internal audits, system implementations and specialized IT areas (cloud, dev/ops, agile development, ITIL)
• Support technical audits of various technology platforms and evaluate IT internal controls, and work collaboratively with management to identify corrective actions
• Monitor internal and external business, regulatory and technology environments to identify new or emerging risks and other opportunities for improvement
• Drive a culture of risk awareness, risk and control visibility with measurable risk reduction and effective reporting, and governance of risk reduction activities
• Collaborate with the Audit Analytics Manager to integrate data analytics in support of audit and risk management planning, execution and reporting
• Collaborate with the audit team to set goals and responsibilities for specific engagements, foster teamwork, facilitate discussions on new ideas and opportunities for adding value to clients
• Understanding of cloud platforms (SaaS, PaaS, IaaS), DevOps, Agile development, systems development lifecycle (SDLC)
• Awareness of legal and regulatory requirements such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Federal Information Security Management Act of 2002 (FISMA), the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the Family Educational Rights and Privacy Act of 1974 (FERPA), Payment Card Industry (PCI), European Union (EU) Data Privacy, Safe Harbor, federal and state identity theft acts, etc.
• Current knowledge of at least some of the following: access control software, security architecture and administration, network security awareness and enforcement, database security auditing, and disaster recovery
• Up-to-date knowledge of technological trends and developments in the areas of information security, governance, risk and compliance management, and data loss prevention
• Awareness of information security and technical risk standards, codes of practice, and guidelines such as the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27000 series, the National Institute of Standards and Technology (NIST) Computer Security Standards, Factor Analysis in Information Risk (FAIR), PCI, Service Organization Control (SOC) 2, Information Technology Infrastructure Library (ITIL), and the Center for Internet Security (CIS) Critical Security Controls
• Function as the technology risk management subject matter expert for the audit teams.
The above statements describe the general nature and level of work being performed by individuals assigned to this classification. This is not intended to be an exhaustive list of all responsibilities and duties required of personnel so classified.
MINIMUM HIRING SPECIFICATIONS
Bachelor's degree in Computer Science, MIS, Business Management, or other relevant field as well as certification (CIA, CISA, CRISC, or CISSP) by examination. CISA and CISSP preferred.
Requires three to five years IT audit or IT risk analysis experience. Experience in not-for-profit, governmental, or colleges and universities as well as health care experience is preferred. Experience with SAP and EPIC is preferred.
OR ANY OTHER EQUIVALENT COMBINATION OF RELEVANT EDUCATION AND/OR EXPERIENCE
Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.
Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas—an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.
Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.
Nearest Major Market: Durham
Nearest Secondary Market: Raleigh