Important Application Submission Information
In order to ensure your application is successfully received before the job posting expires, please submit your application by 11:59 PM on Friday, April 24, 2026Build an exciting, rewarding career with us – help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.
Duke Energy’s Corporate Audit Services Department delivers world-class internal audit services that enable Duke Energy to achieve superior performance. You will work in high-performing teams that add value, drive effective risk management, and facilitate constructive change while also focusing on employee and professional development.
The IT Audit Consultant is responsible for conducting complex cybersecurity and IT audit assignments under the supervision of an in-charge auditor. Working collaboratively within a team, the consultant participates in a variety of audit activities, including risk assessments, development of audit test plans, data collection and analysis to reach informed conclusions, preparation of audit deliverables to substantiate findings, and communication of identified issues. The role involves frequent interaction with individuals at multiple levels of management, both within and outside the department, as well as occasional engagement with third-party vendors. Audits typically last for 6 to 8 weeks and involve varying subjects, risks, audit clients, and team members. The IT Audit Consultant leverages a comprehensive set of technical IT skills to evaluate risk and identify potential cyber and IT-related issues across disciplines such as applications, databases, infrastructure, and cybersecurity.
Responsibilities
Operate effectively within a collaborative team environment, contributing to the successful execution of cyber and IT-related assurance and advisory engagements by ensuring the delivery of high-quality audit documentation and deliverables. Responsibilities include testing, documenting, and evaluating cyber and IT general computing controls, as well as analyzing relevant risks associated with data, applications, infrastructure, and cloud technologies across both IT and Operational Technology (OT) environments. Successful candidate will be responsible for:
Gathering and evaluating information using logical thinking to reach appropriate conclusions
Assessing the design and operating effectiveness of processes with an appropriate level of professional skepticism
Monitoring and tracking the progress of post-audit action plans, and conducting follow-up procedures to confirm implementation and risk mitigation
Leveraging data analytics to identify areas of significant risk and enhance customer value
Develop and sustain strong relationships with audit clients at all management levels
Collaborate with other internal audit professionals on improvement initiatives aimed at improving productivity, efficiency, and quality within Corporate Audit Services.
Basic/Required Qualifications
Bachelor’s or Master’s degree in Computer Science, Business Administration, Finance or other related degrees (e.g. Accounting, Engineering, Economics, Computer Science).
Three or more years work related experience
Job specific key skills/experience/certifications
Cybersecurity; Internal Auditing; IT Audit.
Holds or is working towards a Certified Information Systems Auditor, Certified Information Systems Security Professional, Certified Information Privacy Professional, Project Management Professional, Professional Engineer, or Certified Fraud Examiner certification
Desired Qualifications
Prior IT audit experience in a professional services firm or fortune 500 company
Advanced knowledge in relevant cybersecurity and information technology fields such as general cloud cybersecurity, Active Directory, Windows/UNIX, databases (Oracle, SQL, DB2), SAP, application development/system development life cycle, network security, NERC CIP, PeopleSoft or Maximo
Advanced degree, such as an MBA or Masters in Information Security
Demonstrated ability to communicate clearly, concisely, and accurately using oral and written communications
Ability to reason logically, analyze data presented, evaluate the impact of information collected, and draw appropriate conclusions
Demonstrated ability to develop and maintain good working relationships with internal and external customers
Ability to assess and determine risk impacts
An understanding of system development life cycle
Demonstrated functional audit knowledge and ability to apply auditing protocols
Ability to work independently and balance multiple projects
Ability to identify and assess risks and impacts
Proficiency in data analytics tools
Knowledge of Artificial Intelligence concepts, along with an understanding of its impacts and governance
#LI-PG1
#LI-Hybrid
Travel Requirements
5-15%