Important Application Submission Information

In order to ensure your application is successfully received before the job posting expires, please submit your application by 11:59 PM on Friday, April 24, 2026

More than a career - a chance to make a difference in people's lives.

Build an exciting, rewarding career with us – help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.

Duke Energy’s Corporate Audit Services Department delivers world-class internal audit services that enable Duke Energy to achieve superior performance. You will work in high-performing teams that add value, drive effective risk management, and facilitate constructive change while also focusing on employee and professional development.

The IT Audit Consultant is responsible for conducting complex cybersecurity and IT audit assignments under the supervision of an in-charge auditor. Working collaboratively within a team, the consultant participates in a variety of audit activities, including risk assessments, development of audit test plans, data collection and analysis to reach informed conclusions, preparation of audit deliverables to substantiate findings, and communication of identified issues. The role involves frequent interaction with individuals at multiple levels of management, both within and outside the department, as well as occasional engagement with third-party vendors. Audits typically last for 6 to 8 weeks and involve varying subjects, risks, audit clients, and team members. The IT Audit Consultant leverages a comprehensive set of technical IT skills to evaluate risk and identify potential cyber and IT-related issues across disciplines such as applications, databases, infrastructure, and cybersecurity.

Responsibilities

Operate effectively within a collaborative team environment, contributing to the successful execution of cyber and IT-related assurance and advisory engagements by ensuring the delivery of high-quality audit documentation and deliverables. Responsibilities include testing, documenting, and evaluating cyber and IT general computing controls, as well as analyzing relevant risks associated with data, applications, infrastructure, and cloud technologies across both IT and Operational Technology (OT) environments. Successful candidate will be responsible for:

• Gathering and evaluating information using logical thinking to reach appropriate conclusions

• Assessing the design and operating effectiveness of processes with an appropriate level of professional skepticism

• Monitoring and tracking the progress of post-audit action plans, and conducting follow-up procedures to confirm implementation and risk mitigation

• Leveraging data analytics to identify areas of significant risk and enhance customer value

• Develop and sustain strong relationships with audit clients at all management levels

Collaborate with other internal audit professionals on improvement initiatives aimed at improving productivity, efficiency, and quality within Corporate Audit Services.

Basic/Required Qualifications

Bachelor’s or Master’s degree in Computer Science, Business Administration, Finance or other related degrees (e.g. Accounting, Engineering, Economics, Computer Science).

Three or more years work related experience

Job specific key skills/experience/certifications

Cybersecurity; Internal Auditing; IT Audit.

Holds or is working towards a Certified Information Systems Auditor, Certified Information Systems Security Professional, Certified Information Privacy Professional, Project Management Professional, Professional Engineer, or Certified Fraud Examiner certification

Desired Qualifications

• Prior IT audit experience in a professional services firm or fortune 500 company

• Advanced knowledge in relevant cybersecurity and information technology fields such as general cloud cybersecurity, Active Directory, Windows/UNIX, databases (Oracle, SQL, DB2), SAP, application development/system development life cycle, network security, NERC CIP, People Soft or Maximo

• Advanced degree, such as an MBA or Masters in Information Security

• Demonstrated ability to communicate clearly, concisely, and accurately using oral and written communications

• Ability to reason logically, analyze data presented, evaluate the impact of information collected, and draw appropriate conclusions

• Demonstrated ability to develop and maintain good working relationships with internal and external customers

• Ability to assess and determine risk impacts

• An understanding of system development life cycle

• Demonstrated functional audit knowledge and ability to apply auditing protocols

• Ability to work independently and balance multiple projects

• Ability to identify and assess risks and impacts

• Proficiency in data analytics tools

• Knowledge of Artificial Intelligence concepts, along with an understanding of its impacts and governance

Mobility Classification

• Hybrid

Travel Requirements:

5-15%

Relocation Assistance Provided (as applicable)

No

Represented/Union Position

No

Visa Sponsored Position

No

Please note that in order to be considered for this position, you must possess all of the basic/required qualifications.

Privacy

Do Not Sell My Personal Information (CA)

Terms of Use

Accessibility