Manager, Internal IT Security Audit

Overview

Hybrid
$145,000 - $165,000
Full Time

Skills

Internal Audit
IT Security
Risk-Based Management
CISM
CPA
GRC
Archer
IIA

Job Details

***Hybrid, 3 days onsite, 2 days remote***

***We are unable to sponsor as this is a permanent full-time role***

A prestigious company is looking for a Manager, Internal IT Security Audit. This role will manage a team focused on IT security auditing and risk-based management auditing, and will have hire/fire responsibilities.

Responsibilities:

  • Aid in the development of the risk assessment and comprehensive audit plan on an annual basis.
  • Lead multiple audits and validations simultaneously.
  • Defining and leading the execution of audit projects in accordance with the annual audit plan.
  • Owning the audit quality, accuracy of results, and delivery in a timely manner.
  • Ability to clearly articulate professional principles and standards (e.g., AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls.
  • Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices.
  • Lead and implement strategic initiatives related to new audit programs/processes, technology or other initiatives.
  • Planning, leading and reporting for risk-based and special request audit assignments.
  • Proactively identifying regulatory, operational, and/or strategic risks to the organization and delivering recommendations for improvements to senior leadership.
  • Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation.
  • Manage a team of individual contributors.

Qualifications:

  • Bachelor's degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field.
  • 5+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits.
  • One of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or equivalent.
  • Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA).
  • Consulting and/or accounting firm experience.
  • Experience in Financial Services/Security Industry and working with regulations such as Regulation Systems Compliance and Integrity (Reg SCI).
  • Microsoft Office applications
  • Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software
  • Familiarity with security tools such as: CyberArk, Splunk, SailPoint
  • Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub