Senior Manager - IT and Cyber Audit (Hybrid)

Description

We believe that inclusion helps us thrive and grow at United across our collaborative Finance teams consisting of Financial Planning & Analysis, Internal Audit, Treasury, Global Procurement, Controllership, Investor Relations and more. These teams provide the financial fuel that keeps our operation running from providing detailed analyses of financial planning, performance, and forecasts to managing our investments and financial strategies. Our Finance team plays an integral role in making our airline profitable and successful by meeting our financial goals.

Job overview and responsibilities

The Senior Manager - IT and Cyber Audit will direct and manage a team of auditors in executing IT, cyber, and integrated assurance audits, ensuring alignment with the annual internal audit plan. The position focuses on identifying systemic root causes and facilitating strategic adjustments to enhance business processes and risk management. Additionally, the Senior Manager - IT and Cyber Audit will support the development of technology and cybersecurity programs, fostering partnerships with management to understand and mitigate key business risks. This leader is also responsible for staff development and engagement, ensuring auditors are equipped with the necessary skills and knowledge to meet audit objectives effectively. Lastly, this leader will also oversee the development, implementation, and operation of a new digital risk assurance program, managing both international and US-based resources.

Audit Program Development and Project Management:

Manage a team of auditors performing both IT / cyber and integrated assurance audits and advisory projects in accordance with the annual internal audit plan

Execute IT and cyber audit procedures based on risk and impact to the business, across different applications, technologies and business processes, and in collaboration with internal and external partners and monitor completion of planned actions

Manage pre- and post-implementation reviews of major system implementations and transformational projects involving technology and cyber risk

Counsels and guides staff to ensure that approved audit objectives are met, and that adequate coverage is achieved

Ensures that audits address areas of concern relative to the goals, performance objectives, and impact of a variety of economic, financial, and managerial programs, in conformance with Company policies and procedures or sound business practices where no policies exist

Demonstrate ability to identify systemic root causes from one audit to the next and to assist management with end-to-end remediation and strategic adjustment

Support the development of the technology and cybersecurity program to deliver against strategic program objectives and enhance integrated project delivery. Help advance cyber assurance processes and techniques through red team principles, incorporation of security assessment tools, and enhanced technical testing.

Experience using cybersecurity assessment tools, for example burpsuite, snort, wireshark, password crackers, and other cyber reconessnence and ethical hacker tools

Staff Development and Engagement

Directly responsible for the management and development of up to 6 audit project leads, senior and staff auditors

Develop and retain audit staff, including career growth, training, goal setting and performance evaluations

Train audit team on audit standards, department procedures, and technical skills required for their position

Recruit and interview audit staff

Manages professional development opportunities, including internal and external training, professional association memberships, and networking events

Coaches and mentors staff, including supporting their technical development

Business Unit Relationship Development and Risk Assessment:

Proactively develops partnerships with management in order to understand business objectives, key business risks, business challenges, and management's ability to effectively manage risks.

Interacts with key stakeholders to better understand their business and strategy, demonstrating a commitment to continually improve the organization

Serve as a trusted business partner and advisor to United leadership and engage regularly to understand portfolios and emerging risks.

Serve on projects and committees to provide input to queries on internal controls and procedures

Works with the Internal Audit leadership team (including VP, MD, Director, and other members of the management team) to develop and complete the enterprise-wide risk assessment, ensuring the approach is based on company strategy, stakeholder insights, data analytics, and current industry best practices.

Please Note: This is a Chicago-based, hybrid role

Qualifications

What's needed to succeed (Minimum Qualifications):

• Bachelor's degree
• Information Systems, Cybersecurity, Data Science, Engineering, Business, Accounting, Finance or related field
• 7+ years of experience in IT, IT Audit, Cybersecurity and/or related field
• 3+ years experience as a people manager
• CISSP, CISA or comparable designation
• Proven knowledge of and skill in applying auditing principles and practices specific to IT and cybersecurity against common risk and control frameworks, including NIST 800-53, CSF, ISO 27001/2, COBIT, CIS, OWASP, MITRE
• Experience in managing complex strategic initiatives, influencing various stakeholders (including non- direct reports) to achieve strategic objectives and goals
• Highly organized and highly proficient in prioritization and overall program management
• Technical proficiency in working with analytical software such as Excel, Alteryx, Tableau, PowerBI, Spotfire, SAS, ACL, etc.
• Strong working knowledge of Microsoft applications such as Word, Excel, PowerPoint, Visio, Outlook and Access
• Strong problem-solving skills and ability to communicate effectively, both in written form and verbally
• Effective communication skills
• Highly developed, demonstrated teamwork skills
• Exceptional interpersonal and leadership skills with a demonstrated ability to gain the confidence of stakeholders
• Ability to build consensus and relationships with peers across the organization.

What will help you propel from the pack (Preferred Qualifications):

• Master's degree
• Internal Audit data analytics experience
• Experience using cybersecurity assessment tools, for example burpsuite, snort, wireshark, password crackers, and other cyber reconessnence and ethical hacker tools
• Direct experience in the transportation field
• Supervisory experience in the transportation field
• Proven knowledge of and skill in applying data analytics to audit projects
• Ability to code and develop prototypes in languages such as SQL, Python, Java, etc.
• Strong working knowledge of emerging trends which have an impact on data analytics as well as digital technology (cyber security, cloud, mobile, social media, IoT, etc)
• Knowledge of the International Professional Practices Framework (IPPF) promulgated by the Institute of Internal Auditors