Durham, North Carolina

Principal Information Technology (IT) Auditor

Occupational Summary

The Office of Audit, Risk and Compliance (OARC) is a dynamic professional environment focused on strategic risk assessment; operational, IT and financial risk and control assessments; process and controls environment consultation; and proactive engagement in emerging issues discussions with clients and institutional leadership.

The Principal IT Auditor supports the OARC mission and objectives through highly engaged support of the Audit Director, collaboration with team members and independent delivery of high-quality professional services. The Principal IT Auditor is responsible for performing risk assessments, client communication, audit and advisory project planning and execution, report delivery, and follow-up consultation. Valuable professional attributes include strong relationship-building skills; confident communication style; appropriate assertiveness, diplomacy and personal initiative; and the ability to facilitate collaboration across all levels of the institution.


Work performed includes:

Audit and Assurance Services

  • Plan, conduct and report audit and advisory engagements in the complex university environment for internal and external risks.

  • Conduct client interviews and independent research to evaluate internal controls and business process design, risk mitigation strategy, compliance with Duke policies or third-party regulations, as well as review and test all system layers (infrastructure, operating system, application, database, data, etc.).

  • Lead individual projects by performing preliminary planning and creating a risk-based audit program.

  • Execute with strong project management skills and steer outcomes through leadership on assigned projects and teams.

  • Perform testing of enterprise systems (SAP and PeopleSoft) and other university systems (third party and internal).

  • Develop and execute testing plans and approaches that can be leveraged across various audits.

  • Be aware of the higher education regulatory environment (e.g., FERPA, GLBA, PCI) and develop audit and advisory projects to support the organization in operations and compliance audit engagements.

  • Coordinate management action plans in response to audit recommendations; initiate and perform follow-up and monitoring of appropriate implementation of management action plans.

  • Engagements may include pre- and post-system implementations, data life cycle management, and application general computer controls including segregation of duties and user access controls.

Advisory Services

  • Promote increased risk awareness and the value of business process change and identify opportunities to strengthen the risk mitigation strategy of the institution.

  • Build and maintain strong client relationships through collaboration and institutional community involvement and be recognized as a solution-driven, trusted advisor.

  • Participate as needed in internal/external user groups/committees providing advisory support to stakeholders.

  • Review industry, trade and regulatory publications covering emerging risks and audit considerations for use on IT audit and advisory engagements.


  • Maintain a strong client service focus by developing productive working relationships and regular communication with key client personnel.

  • Foster a consultative role with management and client personnel.

  • Participate and partner with clients on advisory groups and/or steering committees.

  • Foster involvement in professional organizations to shape and influence the value of internal auditing, data analytics and advisory services.

Technical Expertise

  • Identify, research and communicate emerging IT trends and regulations in higher education.

  • Develop and maintain knowledge of university business processes, controls, data flows and related reporting for enterprise systems.

  • An understanding of IT management practice and security frameworks (e.g., NIST, ITIL, CIS) and their application within a complex, distributed, research-intensive environment is strongly desired.

  • Proven analytical ability to assess information systems compliance against internal standards and policies as well as all pertinent external regulatory requirements (e.g., FERPA, GLBA, PCI).

  • Other duties as assigned which may include special projects, investigations, internal controls training, department initiatives or management consultation or assistance; preparing activity and status reports and other required administrative reports.


The above statements describe the general nature and level of work being performed by individuals assigned to this classification. This is not intended to be an exhaustive list of all responsibilities and duties required of personnel so classified.



Bachelor’s degree in computer science, management information systems, accounting or related field; advanced degree desirable. CIA, CISA, CISSP, CPA or other relevant professional certification is strongly preferred.



Position requires at least three to five years’ experience in IT audit or consulting, including responsibility for audit engagement planning, oversight and delivery. Successful candidates will possess solid business acumen, well-developed analytical skills, strong relationship management abilities and the desire to achieve value-added project outcomes. Public accounting experience and working knowledge of complex enterprise resource planning (ERP) systems (such as SAP) are preferred. OR ANY OTHER EQUIVALENT COMBINATION OF RELEVANT EDUCATION AND/OR EXPERIENCE.


Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.


Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas—an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.


Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.


Durham, North Carolina

As a world-class academic and health care system, Duke Health strives to transform medicine and health locally and globally through innovative scientific research, rapid translation of breakthrough discoveries, educating future clinical and scientific leaders, advocating and practicing evidence-based medicine to improve community health, and leading efforts to eliminate health inequalities.
