(Sr.) Internal IT Auditor

Job Type

Full Time


Details: Not Listed




United States


The Cystic Fibrosis Foundation - the world's leader in the search for a cure for cystic fibrosis, and one of the most innovative and successful organizations of its kind - is seeking a Senior Internal IT Auditor at our national headquarters in Bethesdsa, MD.

We are a nonprofit, donor-supported organization that has raised and invested hundreds of millions of dollars to help develop cystic fibrosis therapies that have changed the lives of people with this disease. Nearly every CF medicine available today was made possible because of Foundation support. 


Self-motivated individual who is skilled in system audit, information technology (IT) compliance reviews, IT internal controls, system business processes, and/or data extraction and evaluation. Plan, execute, and lead assigned IT audits which may include reviews of general controls, application controls, technical controls, and systems implementations. Participate in integrated financial and operational audits to evaluate application controls, critical system functionality, and other IT related areas of risk. Participate in status meetings with IT Security Director to monitor and report on remediation of prior IT audit observations; test to validate status as appropriate. 


  • Plan and execute assigned tasks and activities in support of information systems audits to determine the adequacy and effectiveness of internal controls.
  • Lead audit kick-off, closing, and other client meetings, presenting observations and conclusions relevant to the overall scope of the review.
  • Participate in integrated financial and operational audits to evaluate automated application controls, critical system functionality, and other IT related areas of risk.
  • Prepare electronic work papers by the Internal Audit group’s standards.
  • Lead the gathering and organization of background and other information to properly plan the audit.
  • Lead walkthrough meetings with business unit contacts and assess the design of ITGCC’s.
  • Prepare Internal Audit reports, summarizing the scope of reviews conducted and noted observations.
  • Work with business unit management to ensure management responses will adequately address reported issues.
  • Work with business units to document existing ITGCC’s for RCM development in support of Internal Audit and Risk Management; identify control gaps to provide value-add recommendations related to the improvement of the control environment.
  • Participate in status meetings with IT Security Director (and others as necessary) to monitor and report on remediation of prior IT audit observations; develop and validate remediation plans by providing effective challenge.
  • Serve as IT subject matter expert for the Internal Audit and Risk Management teams.

Additional Responsibilities:

  • Communicate with clients to build and maintain relationships and communicate audit status.
  • Develop relationships with management personnel to build rapport and to better understand company operations.
  • Provide coaching to Internal Audit and Risk Management staff regarding identification and management of IT risks.
  • Work with the business to develop areas of continuous monitoring and data analytics.
  • Understand and articulate risks associated with information technology processes and ITGCC’s, and identify process and control gaps proactively.
  • Liaise across relevant business, technology, and control functions to challenge technology risk decisions and assumptions.
  • Monitor the status of the engagement.
  • Serve as primary liaison to the IT client.
  • Provide status reporting for delivery to the client.
  • Confidently communicating control recommendations to client.
  • Maintains/improves knowledge and skills through training; identifies outside training needs/opportunities.
  • Ability to concentrate for 95% of work time, understand overall surrounding circumstances, and apply good judgment.


  • Bachelor’s degree in an IT related field, Accounting, Finance, Business or a related discipline required.
  • 2-4 years of experience related to information technology, including a minimum of 2 years of auditing experience required (ideally two of those years will be directly related to IT Audit). Master’s degree in related discipline or CISA may substitute for one year of required experience.
  • CISA or CIA preferred.
  • Continuous monitoring/data analytics experience strongly preferred.
  • Technical understanding and strong knowledge of accounting principles, audit techniques, risk management processes and procedures, information technology, and system controls.
  • Ability to present ideas logically and concisely to diverse internal audiences at all organizational levels, both verbally and in writing.
  • Excellent interpersonal skills, including the ability to resolve conflicts, persuade decision makers, motivate people, inspire teamwork, and influence groups.
  • Strong organizational skills complemented by a profound sense of personal responsibility and initiative.
  • Ability to work independently and proactively identify opportunities for improvement.
  • Strong analytical and critical thinking skills.
  • Experience with data extraction, validation, testing, and analysis.
  • Familiarity with current trends in information technology.


Professional Level

None specified

Minimum Education Required

No requirement

How To Apply