Our Fortune 200 Client is building a leading information-based technology company.  Guided by their shared values, they thrive in an environment where collaboration and openness are valued. They believe that innovation is powered by perspective and that teamwork and respect for each other leads to superior results. They elevate each other and obsess about doing the right thing. Their associates serve with humility and a deep respect for their responsibility in helping their customers achieve their goals and realize their dreams.  The chosen candidate will receive an excellent work/life balance, tremendous opportunity for professional growth from within, an excellent benefits package that includes free onsite daycare and gym, unlimited sick days and extensive PTO and Holiday time off, and a 100% match on the first 7.5% contributed to their 401k.

Manager, Audit – Information Security / Cybersecurity

Corporate Audit Services (CAS), the Internal Audit function within our Client, is a dedicated group of audit professionals focused on delivering top quality assurance services to the organization’s Audit and Risk Committees. The CAS department is considered one of the leading internal audit functions within the US and is highly regarded within the organization. CAS professionals are experienced, well-trained and credentialed, and operate within a highly collaborative team environment to deliver value added opinions, recommendations, advice and counsel. In addition, the CAS prides itself on having a dynamic and challenging atmosphere for both personal growth and professional opportunity.

Our client is seeking an energetic, self-motivated Information Systems (IS) Audit Manager interested in becoming part of our Corporate Audit Services team. As a member of the IS Audit team, the candidate will focus on the cyber and information security protections associated with emerging technologies (e.g., cloud, APIs), digital capabilities (e.g., mobile), and core infrastructure. In addition, the Manager will work closely with members of the IS and operational audit teams as it relates to assessment of applications and corresponding technology that support key processes. Each audit enables the candidate to demonstrate business, technical and industry knowledge while assessing business risks, identifying key controls, and performing risk-based testing of technology controls. The candidate will also facilitate knowledge sharing of best practices and industry trends to team members, and contribute to thought leadership activities within the IS Audit team. The candidate will work independently, with guidance from Audit management as needed. Career development and growth opportunities exist through our established training programs within the Corporate Audit Services team, as well as in Technology and business functions. The candidate will be expected to maintain all organizational and professional ethical standards.

Responsibilities:

– Leads audits or significant components of cyber and information security audits and projects, as well as components of integrated audits with significant security considerations, such as enterprise security architecture, information security policy and standards, network infrastructure security, server/database security, web application security, mobile device security, and encryption.

– Monitors emerging technologies and associated risks. Networks with peers from other organizations to stay in front of emerging cyber and information security risks and associated trends.

– Designs and executes internal control testing for audits, demonstrating a degree of audit expertise consistent with experience level. Understands the broader context and implications of the various risks affecting the business. Well versed in information security standards and industry guidelines (e.g., ISO27000, NIST Cybersecurity Frameworks, PCI)

– Leverage available data and analytical tools during the planning, fieldwork, and reporting phases of audit delivery.

– Establishes and maintains good auditee relations during engagements. Identifies the expectations of the auditee and takes actions to support the auditee experience.

– For major components of audits, assesses relevancy of audit findings, potential exposures, materiality, improving or deteriorating trends, and demonstrates awareness of big picture issues. Interprets business priorities, anticipates issues and obstacles, and applies to scope of role. Identifies and implements efficiencies in executing test work.

– Manages timely and quality delivery of multiple tasks, including audits, projects, special assignments, and administrative tasks. Self-prioritizes and independently completes multiple tasks across the team and department. Demonstrates the ability to successfully meet deadlines for the audit engagement.

– On audit engagements, facilitates teamwork, coordinates and leverages available resources to complete engagements on time. Builds and utilizes relationships outside immediate Corporate Audit Services team to improve overall quality.

– Effectively communicates audit process scope, protocol, issues, risks and recommendations to clients during kick-off, periodic status updates, and exit meetings

Here’s what we’re looking for in an ideal teammate:

• You believe insight and objectivity are core elements to providing assurance on the effectiveness and efficiency of our Client’s governance, risk management, and internal control processes.
• You adapt to change, embrace bold ideas, and are intellectually curious. You like to ask questions, test assumptions, and challenge conventional thinking.
• You develop influential relationships based upon shared risk objectives and trust to deliver outstanding business impact and elevate Audit’s value proposition.
• You’re a firm believer that a rich understanding of data, innovation, and technical knowledge will only make you a better Auditor. This will require leveraging the power of data analytics and furthering your technical know how, so you’ll want to ensure that technology doesn’t scare you off.
• You’re a teacher. You have a passion for coaching and investing in the betterment of your team.
• Lastly, you create energy and an environment that make it easy to attract, hire, and retain top talent.

Basic Qualifications:

• At least 5 years of experience in information systems auditing, at least 5 years of experience in information systems risk management, or a combination
• At least 2 years of experience managing audit engagements
• Master’s Degree in Accounting or Master’s Degree in Finance or Master’s Degree in Information Systems or Master of Business Administration
• 4+ years of working knowledge of information security control frameworks and conducting corresponding audit procedures
• 1+ years of experience with data analytics tools in support of internal audit
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH) or similar cybersecurity certification

Preferred Qualifications:

• At least 3 years of experience working with cyber and information security risks and controls including vulnerability management, network security and mobile security
• Bachelors Degree or military experience
• As one of the “100 Best Companies to Work For,” you can look forward to coming to work every day with a team of people that are committed to excellence and doing the right thing.