IT Auditor


SALARY: $58,556 - $100,394 Annually


CLOSING DATE: Continuous




The Maryland-National Capital Park and Planning Commission is a nationally recognized and award winning agency providing land use planning; stewardship of natural, cultural and historic resources; and delivery of recreation programs to the communities it serves. The agency operates in the Montgomery and Prince George's County Regions. Additional information on the agency can be found on


The agency is seeking an Auditor III (IT Auditor) within its Office of Internal Audit, Walker Dr., Greenbelt, MD. The successful candidate will be responsible for developing, conducting and overseeing the IT audit and compliance projects. The IT Auditor will analyze and evaluate the IT control environment for technology risks. This will include the design and operating effectiveness of infrastructure and application controls, security and general internal controls. The Commission has recently implemented the Lawson ERP and EAM applications. Specialized knowledge of these or other comparable ERP applications is preferred due to the system’s far-reaching integrated nature. The IT Auditor should be able to assess control issues raised by configuration and design decisions, business process controls, and access to transactions and system security.


Examples of Important Duties:


·          Execute IT audits, including development of audit plans and audit programs, facilitation of process interviews, documentation (work flows) of company processes and procedures, execution of internal controls testing, identification of risk, and communication of audit findings.

·         Prepare comprehensive audit work papers and internal audit reports reflecting the results of work performed, with agreed upon actions.

·         Perform advisory work for key processes or projects being implemented consisting of evaluating gaps and risk.

·         Perform pre-implementation system/application reviews to ensure compliance with SDLC procedures as well as applicable internal control requirements.

·         Participate in enterprise-wide risk assessment interviews with key stakeholders, assist with organization-wide risk assessment, including creation of risk surveys and analysis of other risk factors in the organization.


·         Demonstrate and apply strong project management skills, and use current technology and tools to enhance the effectiveness of deliverables and services.

·         Stay abreast of current business and industry trends relevant to employer’s industry and computing technologies.




1. Bachelor's degree in accounting, business administration, or related subjects or four years of experience in these areas, which was supplemented by eight college accounting courses; and


2. Four years of varied and progressively responsible accounting experience; or


3. An equivalent combination of education and experience.


4. Valid Maryland driver's license or the ability to acquire one.




A Bachelor's degree in Computer Science and/or Information Systems will also be considered.  Four years of varied and progressively responsible experience as an IT professional and/or IT Project/Program Manager will also be considered.


Our ideal candidate can demonstrate a working knowledge of or be able to assess:


·         Network configuration and security (endpoint security, IDS, SIEM)

·         Network and system access

·         Program change/configuration management processes

·         Mobile device management

·         System backup and disaster recovery program, processes and procedures

·         Complex compliance standards (e.g. PCI, MPIA)

·         Microsoft/Active Directory

·         Excellent communication (written and verbal) and presentation skills

·         Microsoft Office Suite including advanced Excel skills, Visio and Access

·         Ability to obtain CISA or CIA certification




Most of the work is performed in an office environment. Some work will be at field locations and not in an office environment. Employee at times will be required to work irregular hours in connection with audits of Commission activities which occur outside of regular working hours.