
Senior Analyst, Application Audit & Controls (Hybrid Schedule)

Howard Hughes Medical Institute (HHMI)
United States, Maryland, Chevy Chase
4000 Jones Bridge Road
January 23, 2023
Primary Work Address: 4000 Jones Bridge Road, Chevy Chase, MD, 20815

Current HHMI Employees, click here to apply via your Workday account.

HHMI is focused on supporting and moving science forward in a variety of different ways ranging from conducting basic biomedical research, empowering educators, inspiring students, developing the next generation of scientists - even stretching into film and media production. Our Headquarters is in the greater Washington, DC metro area and is home to over 300 employees with expertise in investments, communications, digital production, biomedical sciences, and everything in between. The work housed here supports and augments the groundbreaking research conducted in HHMI labs across the nation. As HHMI scientists continue to push boundaries in laboratories and classrooms, you can be sure that your contributions while working here are making a difference.

About The Role:

As an Application Audit & Controls Analyst, you will apply your audit experience as well as your knowledge of application controls and IT General controls to continuously strengthen the security posture of our most critical business systems. This is a hands-on role, working directly in our applications to identify control weaknesses and partnering with developers and business owners to craft and implement solutions to reduce risk. We are targeting an auditor who enjoys delving into the nuances of application configurations and working in a collaborative and welcoming environment.

What We Provide:
  • One to one mentorship with the Senior Manager of Business Systems Risks and Controls

  • Dedicated opportunities for growth and self-development (including Workday and other technology certifications/training as appropriate)

  • Hybrid schedule with flexible hours

  • A competitive compensation package, with comprehensive health and welfare benefits!

What You'll Do:
  • Perform periodic user access reviews across core business systems and work closely with business owners to address role-based access and other control issues.

  • Partner with Business Systems analysts to identify and resolve risks associated with access permissions and other control weaknesses in system configurations.

  • Perform full scope audits of new applications, new system functionalities and features.

  • Support both internal and external audit functions as a point of contact for PBCs, audit inquiries, process walkthroughs, and other documentation requests.

  • Continuously review Workday configurations for data privacy, privileged access, and separation of duties issues. Resolve issues identified by the Kainos Smart Audit tool and maintain adequate supporting documentation for actions taken. Proactively identify new areas of risk for monitoring within the tool to improve audit coverage.

  • Ensure that change control procedures are followed for high-risk system configuration changes and other activities.

  • Assist with ad hoc audits or other internal control reviews.

  • Collaborate with IT Compliance and Internal Risk Management functions on risk assessments and operational audits.

What You Bring:
  • Three to five years relevant professional experience in an internal or external audit role, IT compliance, or related field.

  • Certified Information System Auditor (CISA), Certified Public Accountant (CPA), Certified Fraud Examiner (CFE), Certified Internal Auditor (CIA), or similar certifications preferred.

  • Experience preparing written work products that communicate findings and recommendations concisely and efficiently.

  • Experience auditing large ERP systems (Workday experience is a plus)

  • Practical work experience with either a public accounting firm or internal audit department for a mid-large size company preferred

  • Solid grasp of Application Controls and IT General Controls.

  • Ability to analyze access permissions and system configurations to identify separation of duties conflicts, extraneous access rights, and control issues across automated workflows.

  • Ability to design and implement internal controls to mitigate risk exposures.

  • Advanced collaboration skills and experience building relationships with employees at all levels of an organization.

  • Familiarity with security frameworks such as NIST, SOC2, ISO27001

Physical Requirements:

Remaining in a normal seated or standing position for extended periods of time; reaching and grasping by extending hand(s) or arm(s); dexterity to manipulate objects with fingers, for example using a keyboard; communication skills using the spoken word; ability to see and hear within normal parameters; ability to move about workspace. The position requires mobility, including the ability to move materials weighing up to several pounds (such as a laptop computer or tablet).

Persons with disabilities may be able to perform the essential duties of this position with reasonable accommodation. Requests for reasonable accommodation will be evaluated on an individual basis.

Please Note:

This job description sets forth the job's principal duties, responsibilities, and requirements; it should not be construed as an exhaustive statement, however. Unless they begin with the word "may," the Essential Duties and Responsibilities described above are "essential functions" of the job, as defined by the Americans with Disabilities Act.

Compensation and Benefits

Our employees are compensated from a total rewards perspective in many ways for their contributions to our mission, including competitive pay, exceptional health benefits, retirement plans, time off, and a range of recognition and wellness programs. Visit our site to learn more.

Compensation Range

$86,036.80 (minimum) - $107,546.00 (midpoint) - $139,809.80 (maximum)

Pay Type:

Annual

HHMI's salary structure is developed based on relevant job market data. HHMI considers a candidate's education, previous experiences, knowledge, skills and abilities, as well as internal equity when making job offers. Typically, a new hire for this position in this location is compensated between the minimum and the midpoint of the salary range.
