Duke University

Technology Risk Assurance Manager

Return to Postings
Posted On:
Closing On:

Job Description:

Occupational Summary

The Office of Audit, Risk and Compliance (OARC) is a dynamic professional environment focused on strategic risk assessment; operational, performance and financial risk and control assessments; process and control environment consultation; and proactive engagement in emerging issues discussion with clients and institutional leadership.

The Technology Risk Assurance Manager supports the OARC mission and objectives through highly engaged support of the Audit and Compliance directors and audit/compliance teams.  The Technology Risk Assurance Manager also is responsible for performing risk assessments, client communication, audit and advisory project planning and execution, engagement leadership, report delivery, and follow-up consultation.  Valuable professional attributes include strong relationship-building skills; confident communication style; appropriate assertiveness, diplomacy and personal initiative; and the ability to facilitate collaboration across all levels of the institution, including the university and health system.  

Work performed includes:

Duties and Responsibilities

  • Act as a trusted advisor and partner in technology risk-based decision making with business, information technology (IT), and information security stakeholders
  • Identify and analyze the inherent risks in applications and supporting infrastructure and the controls that management has implemented to mitigate risks
  • Assist in the development of individual audits to ensure that projects and stakeholders focus on key risks and controls
  • Lead, manage and execute complex IT assessment projects including internal audits, system implementations and specialized IT areas (cloud, dev/ops, agile development, ITIL)
  • Support technical audits of various technology platforms and evaluate IT internal controls, and work collaboratively with management to identify corrective actions
  • Monitor internal and external business, regulatory and technology environments to identify new or emerging risks and other opportunities for improvement
  • Drive a culture of risk awareness, risk and control visibility with measurable risk reduction and effective reporting, and governance of risk reduction activities
  • Collaborate with the Audit Analytics Manager to integrate data analytics in support of audit and risk management planning, execution and reporting
  • Collaborate with the audit team to set goals and responsibilities for specific engagements, foster teamwork, facilitate discussions on new ideas and opportunities for adding value to clients.

Preferred Skills:


Strong oral and written communication skills required.  Strong IT technical skills with experience securing and evaluating environments in electronic health records (EHR), enterprise resource planning (ERP) and ServiceNow is desired.  Industry knowledge of higher education and/or health care is a plus.
This position requires technical knowledge as well as the skills necessary to work with various levels of the organization from IT support groups to application owners; the audit, compliance and security teams; and Duke leadership.

Powered by JobGrok