Job Req ID:  59856

Senior Information Technology Auditor

The Department of Internal Audits seeks a Senior Information Technology Auditor who will perform these duties and responsibilities:

  • Serve as the lead in the development, implementation, and evaluation of information technology internal audits for assigned organizational areas and functional activities throughout The Johns Hopkins Institutions (Johns Hopkins University and Johns Hopkins Health Systems) in accordance with the Annual Audit Plan.
  • Audits may include: technical IT infrastructures, automated application controls, IT general controls, system pre-implementations, Advisory Reviews and teaming with operational auditors on projects.
  • Set clear expectations for audit team, coordinate assignments, monitor productivity, and ensure high quality output. Will serve as technical resource to other team members.


Performs assigned duties in accordance with the accepted professional standards requiring:

  • Independence and objectivity.
  • Knowledge of information technology principles and standards, proper administrative control procedures and good business practices, and
  • Ability to assess risk, relative to the proper application of controls.
  • Serve as a leader and a role model.


Promotes Department image through quality work, sharing knowledge, and professional dealings, and maintains confidentiality of information.


Specific Duties & Responsibilities:

  • Document current information technology practices through interviews, observation, investigation and testing.
  • Test systems (utilizing automated and/or traditional auditing methods) and analyze results of testing.
  • Identify through investigation and analysis, underlying causes and contributing factors to noted problems.
  • Identify and assess risks.
  • Identify appropriate solutions and formulate sound, reasonable recommendations for management’s corrective action, using appropriate criteria and cost-benefit considerations.
  • Prepare formal written reports, expressing conclusion on the adequacy and effectiveness of the system and the efficiency with which activities are carried out.
  • Plan internal audits by gathering specific relevant background information (IT documentation, and policies and procedures) from the Institution’s information systems, web-based and other information sources. 
  • Utilize organizational and regulatory knowledge to identify audit constraints and shape priorities.
  • Negotiate audit parameters with Director. If leading an audit, will ensure that all members understand their individual roles and responsibilities.
  • Design appropriate risk and control matrix and time budgets based upon interviews and evaluation of underlying financials and business risks.
  • Utilize advanced knowledge of Microsoft Office Suite and other business and audit-related software to conduct internal audit work as well as the extraction of relevant business data and its analysis using analytical software.
  • Thoroughly address all objectives and risks identified in audit planning and conclude on operational effectiveness and efficiency, considering industry best practices.
  • Prepare clear and concise working papers and other documentation supporting discussions, operational facts and results of testing to justify conclusions. When serving in a project lead role, will review all working papers related to the project.
  • Communicate recommendations to management through logical, clear and concise written and oral means to gain understanding and agreement on audit issues and commitment to implement corrective action.
  • Review internal controls on major systems development projects; serve as liaison between technical and non-technical personnel; and participate on new system implementation and other committees when necessary, providing suggestions and feedback, reviewing and analyzing draft designed internal controls and operating processes prior to system implementation, testing the completeness of the transfer of data from the old to the new system, and post-implementation testing of controls, security, and transactions for adequacy and accuracy.
  • Perform follow-up internal audits to evaluate management’s implementation of Action Plans.
  • Monitor project status and issues on a timely basis and report progress and issues to project lead or Director timely and regularly.
  • Evaluate feedback from customers as well as lessons learned meetings and identify possible areas for improvement. Implement changes in future audits as needed.
  • Oversee the activities of Information Technology Auditors to ensure effective utilization in completing assigned projects.
  • Provide day-to-day support of Internal Auditors as needed (create open lines of communication, provide regulatory updates, advise on difficult situations, etc.).
  • Participate in personnel development training and performance evaluation programs. May provide oral feedback to staff assigned or to the director for inclusion in staff performance or project evaluation.
  • Interact appropriately with all levels of personnel, building good working relationships, and establishing a network of organizational contacts.
  • Able to work independently and with varying levels of management.
  • Manage multiple projects or single projects in complex environments. Manage competing priorities.
  • Assist other Auditors as appropriate and necessary to execute assigned projects.
  • Consider multiple approaches and develop solutions to problems.
  • Demonstrate project management and time management skills.
  • Address difficult and sensitive issues in a timely and effective manner.
  • May be responsible for more complex audits than those handled by Internal Auditors (act as lead on a multi-entity audit requiring coordination of several other auditors, implement a new audit with no available history or background, responsible for high visibility/high priority audits, etc.). May also have a higher volume of audits.
  • Provide occasional IT support to operational auditors and support staff.
  • Demonstrate a thorough understanding of Healthcare and/or Higher Education industry. Monitor changes in the industry and be able to understand the impact to own work.


Scope of Responsibility:

Knows the formal and informal departmental goals, standards, policies and procedures that may include some familiarity of other departments within the JH Institution. Is sensitive to the interrelationship of both people and functions throughout the organization. Responsible for own professional development and contributes to the development of others.


Decision Making:

On a regular and continuous basis, exercises administrative judgment and assumes responsibility for decisions, consequences and results having an impact on people, costs and/or quality of service within the functional area.



In accordance with Department policy, can make all decisions necessary to carry out assigned projects and related internal audit and work programs to meet the audit objectives.  May direct the activities of staff or a function and /or represent the function at meetings.



Uses proper oral, written and interpersonal communication skills. Exchanges information using tact and persuasion, as appropriate.  Effectively shares relevant information with assigned team and fosters dialogue as necessary.


Minimum Qualifications (Mandatory):

  • Bachelor’s degree in Management Information Systems, Computer Engineering, Computer Science, Accounting or related discipline.
  • Minimum of five years of IT audit (external or internal) experience.      


Preferred Qualifications:

  • May consider candidates with other audit experience. 
  • Six plus years of IT experience preferred.
  • Professional certification or progress toward certification: Certified Information Systems Auditor (CISA).
  • Certified Information Security Manager (CISM).
  • Certified Information Systems Security Professional (CISSP).
  • Systems Security Certified Practitioner (SSCP).
  • Certified Public Accountant (CPA).
  • Master's degree.


Desired Qualifications:

Knowledge of:

  • Internal controls related to physical security.
  • Logical security (application, database, operating system, network).
  • Program change control/change management.
  • System/data backup, disaster recovery, business continuity, systems development life cycle, cloud computing, project management, system administration, system interfacing. 
  • Data migration, configuration management, programming, systems analysis, telecommunications, enterprise resource planning (SAP preferred), and compliance (Health Insurance Portability and Accountability Act (HIPAA)).
  • Family Educational Rights and Privacy Act (FERPA), Payment Card Industry Data Security Standard (PCI-DSS), and NIST Cybersecurity Framework.
  • Familiarity with networking (firewalls, routers, remote access, intrusion detection systems, Active Directory), database (SQL, Oracle, DB2), and operating system (Windows, Linux) technologies.
  • Understanding of technically complex IT infrastructures. 
  • Excellent problem solving and analytical skills.
  • Experience with Microsoft Office and automated workpapers.
  • Experience with ACL, Tableau, MS Power BI, and Epic a plus.


Physical Requirements:

  • Sitting in a normal seated position for extended periods of time.
  • Reaching by extending hand(s) or arm(s) in any direction.
  • Finger dexterity required to manipulate objects with fingers rather than with whole hand(s) or arm(s), for example, using a keyboard.
  • Communication skills using the spoken word.
  • Ability to see within normal parameters.
  • Ability to hear within normal range.
  • Ability to move about.
  • Provides own transportation to Baltimore City and surrounding counties.



This description is a general statement of required major duties and responsibilities performed on a regular and continuous basis.  It does not exclude other duties as assigned.


Reports To:

Director of Information Technology Audits.

Pay Range:

$69,800 - $122,074

Classified Title: Sr. Information Technology Auditor
Role/Level/Range: ATP/04/PD 
Starting Salary Range: commensurate with experience

Employee group: Full Time 
Schedule: M-F, 8:30am-5pm 
Exempt Status: Exempt  
Location: Eastern High Campus

Department name: Information Systems Auditing
Personnel area: University Administration


The successful candidate(s) for this position will be subject to a pre-employment background check.


If you are interested in applying for employment with The Johns Hopkins University and require special assistance or accommodation during any part of the pre-employment process, please contact the HR Business Services Office at For TTY users, call via Maryland Relay or dial 711.


The following additional provisions may apply depending on which campus you will work.  Your recruiter will advise accordingly.


During the Influenza ("the flu") season, as a condition of employment, The Johns Hopkins Institutions require all employees who provide ongoing services to patients or work in patient care or clinical care areas to have an annual influenza vaccination or possess an approved medical or religious exception. Failure to meet this requirement may result in termination of employment.


The pre-employment physical for positions in clinical areas, laboratories, working with research subjects, or involving community contact requires documentation of immune status against Rubella (German measles), Rubeola (Measles), Mumps, Varicella (chickenpox), Hepatitis B and documentation of having received the Tdap (Tetanus, diphtheria, pertussis) vaccination. This may include documentation of having two (2) MMR vaccines; two (2) Varicella vaccines; or antibody status to these diseases from laboratory testing. Blood tests for immunities to these diseases are ordinarily included in the pre-employment physical exam except for those employees who provide results of blood tests or immunization documentation from their own health care providers. Any vaccinations required for these diseases will be given at no cost in our Occupational Health office.


Equal Opportunity Employer
Note: Job Postings are updated daily and remain online until filled. 

