The mission of Brookhaven National Laboratory (BNL) Internal Audit is to provide independent, objective assurance and consulting services designed to add value and improve the organization’s operations. It helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Internal Audit has an exciting opportunity for an experienced auditor with a specialization in Information Technology. The successful candidate plans and executes IT audit projects designed to provide an assessment of internal control processes and operational performance.  NOTE: this is a hybrid work arrangement (office is based on Long Island, NY (Upton, NY)). The selected applicant must live within a reasonable distance for commuting to the assigned work location when necessary.

Essential Duties and Responsibilities:

• Executes complex IT audits across infrastructure, applications, cybersecurity, and governance processes, ensuring audits are completed on time and in accordance with internal standards and professional guidelines.

• Conduct risk-based audit planning, including development of risk assessments, audit scopes, test plans, and control evaluations.

• Identify and evaluate technology-related risks and controls, providing assurance that governance and security mechanisms are functioning effectively.

• Demonstrate strong knowledge of complex IT environments and apply industry trends, emerging risks, and best practices to audit execution.

• Prepare detailed, well-organized audit documentation and present audit findings and recommendations to department leadership and business management.

• Perform audits in accordance with the IIA Standards for the Professional Practice of Internal Auditing, NIST guidance, and applicable regulatory frameworks.

• Participate in reviews of systems under development or undergoing major changes.

• Contribute to identifying and refining audit coverage of emerging technology risks and potential areas for future audits.

• Provide support for data analytics initiatives within the Internal Audit team, including the development or review of analytics used to monitor or evaluate controls and risk indicators.

• Support or lead special projects such as fraud investigations, targeted risk reviews, or IT control consultations.

• Participate in financial, operational, and integrated audits, especially where IT plays a supporting role, and other duties as may be assigned. 

Position Requirements:

• Bachelor’s degree in Computer Science, Information Systems, Accounting, Finance, or a related field; or equivalent experience generally based on the basis of 2:1(experience: college) years, relevant work experience may substitute education (2:1 ratio).

• Minimum 6 years of experience performing audits including at least 2 years specifically in IT auditing, including experience leading audit engagements and presenting results to senior management.

• Demonstrated experience with the NIST Risk Management Framework (RMF) and deep understanding of NIST SP 800-53 Rev. 5 controls.

• Strong knowledge of IT risk assessment methodologies, control evaluation techniques, and regulatory compliance in federal or highly regulated environments.

• Professional certification required: Certified Information Systems Auditor (CISA); additional certifications such as CISSP, CRISC, or CISM are preferred.

• Proven ability to audit across a variety of IT areas, including cloud security, logical and physical access, change management, cybersecurity, application controls, and system development lifecycle (SDLC).

• Familiarity with common platforms such as Windows, Linux, and major cloud service providers (e.g., AWS, Azure).

• Clear and concise written and verbal communication skills, with the ability to clearly convey technical risks and control recommendations to both technical and non-technical audiences.

• Ability to work independently, manage multiple priorities, and deliver high-quality results under minimal supervision.

• Proficiency with Microsoft Office applications (Excel, Word, PowerPoint, Outlook, Access, Visio); advanced Excel or other data analytics tools preferred.

• Security clearance requirements: Must undergo and receive a favorable disposition in a preliminary background investigation (criminal, credit, prior employment, etc.); must be able to obtain and maintain a U.S. Department of Energy Q-level security clearance which requires that you: be a US citizen; have no felony convictions or other serious offenses; have an honorable discharge from military, and a good credit history.  Obtaining and maintaining a security clearance is condition of employment.

Preferred Knowledge, Skills, and Abilities:

• Eight (8) years of experience performing Audits.

• Experience supporting or developing data analytics programs within an audit or risk function.

• Familiarity with TeamMate+ or other audit management systems.

• Advanced degree in a relevant field (e.g., MBA, MS in Information Systems, Cybersecurity, or Accounting).

• Experience with IT audit automation or continuous monitoring practices.

• Understanding of other frameworks such as COBIT, ISO 27001, or PCI-DSS.

• Experience leading teams in the performance of projects.

Additional Information:

• This is an on-site position eligible for consideration of flexible work arrangement (hybrid telework) at the discretion of the manager/dept chair.

• Visa sponsorship for this position is not available.

Brookhaven National Laboratory is committed to providing fair, equitable and competitive compensation. This is a multi-level role and the full salary range for this position is $99850 - $138000 / year. You will be placed at the level and salary commensurate with your experience.  Salary offers will be commensurate with the final candidate’s qualification, education and experience and considered with the internal peer group.