"Senior Auditor"

Please provide a cover letter and resume uploaded as one document. The cover letter should outline:

• Your skills and experiences that directly relate to the position responsibilities
• The specific reasons for your interest in this position

Audit Services at the University of Michigan seeks an outstanding senior auditor to join our team. Audit Services is a resource and provides service to all areas of the university. We offer a challenging environment, professional growth opportunities, and work/life balance. Travel to branch campuses and conferences is rare but may be required. The successful candidate will be responsible for planning and performing IT audits and advisory engagements across all three campuses and Michigan Medicine. Engagements may include reviews of information systems, cybersecurity controls, IT governance, and related processes. Key responsibilities include:

• Plan and perform IT audits, including risk assessment, audit planning, fieldwork, analysis, evaluation of the adequacy of IT controls, and preparation of audit reports
• Assess adherence to university policies and accepted standards (e.g., NIST, FERPA) and evaluate systems for confidentiality, integrity, and availability
• Evaluate security controls for effectiveness, efficiency, compliance with legal requirements, and alignment with management objectives
• Perform risk-based technical assessments of information systems and cybersecurity controls, which may include configuration reviews, vulnerability assessments, or other targeted security testing activities, as appropriate
• Partner with institutional and cybersecurity teams to evaluate detection, response, and recovery capabilities
• Evaluate the maturity of security architectures, identity and access management controls, and cloud configurations (e.g., AAWS, Azure, GCP)
• Serve as a technical resource within Audit Services for cybersecurity risk, emerging threats, and technology-related control considerations
• Proactively keep the associate director informed of audit progress, emerging risks, and significant issues
• Assist with the support, configuration, and maintenance of audit management tools
• Perform other duties and special projects as assigned

This position requires effective communication with audit clients and collaboration with colleagues across Audit Services. A supportive and collaborative team environment is essential, along with proactive communication and sound judgement.

Required Qualifications:

• Bachelor's degree in management information systems, accounting, computer science, or related field
• Relevant information technology experience and/or IT audit experience in a distributed and sophisticated information technology environment
• Demonstrated expertise related to information systems auditing concepts, including security and control risks in the areas of logical and physical security, access controls, change management, data protection, operational resilience, networking, and modern cloud-based environments
• Experience collecting and analyzing complex data, evaluating information and systems, drawing logical conclusions, and working collaboratively
• Working knowledge of information technology and security best practices, control frameworks, business process mapping, and risk and controls identification
• Excellent written and verbal communications and the ability to interact effectively with technical and non-technical stakeholders
• Understanding of the concepts of internal controls in an IT context and risk assessment methodologies. However, inquisitive individuals with strong technical IT skills who are willing to learn auditing, are also encouraged to apply.
• Ability to work effectively and collaboratively in a diverse work group and across the broader university community
• Ability to meet hybrid work requirements, including residence within commuting distance of Ann Arbor and access to a secure, confidential remote workspace

Preferred Qualifications:

• Graduate degree in a related field (e.g., information systems, cybersecurity, or audit)
• Applied knowledge of cybersecurity and IT risk frameworks, such as the NIST Cybersecurity Framework and Center for Internet Security (CIS) controls
• Experience performing advanced security or technical assessments, which may include vulnerability scanning, penetration testing, configuration reviews, or adversarial-style testing activities
• Familiarity with ethical hacking concepts, threat modeling, or adversary techniques used to assess cyber risk and control effectiveness
• Experience working with or alongside cybersecurity operations, incident response, or security monitoring teams
• Experience using data analytic or technical tools (e.g., ACL, IDEA, Tableau, scripting or security testing tools) to support audit or risk assessment activities
• Knowledge of higher education operations, university systems and data, and other compliance/regulatory requirements (e.g., FERPA, HIPAA, PCI DSS, GLBA)
• Professional certifications such as CISA, CIA, CISSP, CEH, OSCP, or other relevant certifications

This is a hybrid position requiring secure reliable internet access and some on-site work is required so the candidate must live within a reasonable commuting distance from Ann Arbor. This position will have a potential for a flexible combination of on-campus and remote work responsibilities.

Respect for the university's core values is essential to the Audit Services mission and the department is committed to supporting initiatives that uphold and enhance these values across the university's research, teaching, and service missions.

Salary is commensurate with the experience and qualifications of the selected candidate.

Authorization to work in the U.S. is a precondition of employment and applicants for these positions will not be sponsored for work visas.