Information Systems Auditor The Information Systems Auditor position is responsible for performing internal information systems audit work throughout VERITAS Software. Incumbents are expected to have information systems audit experience and to demonstrate proficiency in performing information systems audit work, which conforms to professional standards. This person will work with user, technical and internal security management in the development and implementation and maintenance of information system audits. This person must be able to develop and implement flexible auditing solutions, dictated by the needs of a hybrid and rapidly evolving centralized/decentralized business environment. The individual must be a results-oriented person who can achieve tangible improvements in the information audit arena. Excellent technical and communications skills are a must, as is proven information security auditing experience in a medium-to-large business organization. Job Description An Information Systems Auditor is expected to: Apply and maintain IT best practices standards. Demonstrate proficiency in applying information systems audit principles, skills and techniques in reviewing and testing computer applications and information systems technology of varying complexity. Execute the audit process on a wide variety of computing environments and computer applications and accurately interpret results against defined criteria and do so such that the work is competently and efficiently performed in accordance with professional standards. Additional activities include working with management in defining and implementing an ongoing risk assessment program, which will define, identify and classify critical information assets, assess security threats and vulnerabilities regarding those assets and implement safeguard recommendations. Perform internal audits, development of appropriate criteria needed to assess the level of new/existing applications and/or technology infrastructure elements for compliance with enterprise security and audit standards. Apply internal control policies in a wide variety of information technology processes and appropriately assess the exposures resulting from ineffective or missing practices. Prioritize work so resources are devoted to areas of highest risk. Consistently document relevant facts and information, which support the work performed and conclusions drawn so other reviewers can follow the auditor's logic and methodology. Be effective in communicating audit results, both verbally and in writing, so they are persuasive, placed in the appropriate context, and understood by the recipient. Be able to complete work with limited instructions, yet know when to seek guidance from management staff when circumstances warrant. Complete work assignments independently or as part of a team project. The position requires: Graduate degree with business emphasis in a related field Computer Science 2 to 4 years of information system audit experience Experience with SAS standards. Effective interpersonal skills Effective verbal and written communications skills Critical thinking and analytical skills Experience in auditing information systems for best practices and security issues. Excellent working knowledge of, Windows NT, Windows 2000 and Unix (Solaris), Cisco IOS Experience with Oracle and MS SQL Experience auditing network firewall concepts Ability to function well under pressure, and efficiently manages multiple priorities.
