Posted in

Senior Audit Manager – Cyber Technical – Technology Audit

Senior Audit Manager – Cyber Technical – Technology Audit

CompanyCapital One
LocationPlano, TX, USA, McLean, VA, USA, Richmond, VA, USA, Charlotte, NC, USA, New York, NY, USA
Salary$204900 – $280600
TypeFull-Time
DegreesBachelor’s
Experience LevelSenior, Expert or higher

Requirements

  • Bachelor’s Degree or military experience
  • At least 7 years of experience in information technology (resiliency and change management operations, software delivery, access management, information security, cloud computing)
  • At least 4 years of experience in managing audit engagements, project management or a combination
  • At least 4 years of experience leading a team to deliver initiatives, collection of work or a combination
  • At least 4 years of experience in analyzing data extracts to identify trends, patterns, and anomalies, including experience in test scripting, coding (writing, reviewing, or assessing) or a combination
  • At least 4 years of experience in information security (application security, network security, cyber security, data protection)
  • At least 4 years of experience in third party hosted technology controls (business continuity & disaster recovery, physical and environmental controls)
  • At least 2 years of experience in cloud computing and controls (design, operation, risk management, or auditing)
  • At least 2 years of experience in third party risk management and business continuity risk management.
  • At least 2 years experience of people management

Responsibilities

  • Proactively monitor the technology control environment for changing risks and necessary updates. Lead continuous monitoring activities and updates to risk assessments, audit universe, and audit plan.
  • Oversee multiple, concurrent Cybersecurity, IT Operations including key third party hosted services, and Cloud audits across assigned portfolios.
  • Develop engagement planning documentation and audit programs to ensure adequate coverage of risk and sufficient rationale for audit scope.
  • Supervise and coordinate work assignments amongst audit team members. Provide timely feedback, on-the-job training, and coaching to audit staff and direct reports.
  • Establish and maintain good relationships with key business and audit partners, particularly in third party risk and business continuity risk management. Leverage specialized knowledge and skills, providing management with insight into areas of technology, business continuity and third party risk. Effectively represent internal audit at management meetings, internal forums, and to external organizations.
  • Assess relevance of audit findings, potential exposures, materiality, improving or deteriorating trends, and demonstrate awareness of broader issues. Interpret business priorities, anticipate issues and obstacles, and apply to scope of role.
  • Deliver appropriate, succinct and organized information, tailoring communication style to audience. Effectively review and compile relevant, material findings and recommendations into readable and concise audit reports. Communicate complex results and implications, incorporating different perspectives into deliverables.
  • Manage timely and high quality delivery of multiple tasks, including audits, projects, special assignments, and administrative activities. Self-prioritize and independently complete multiple tasks across the team and department. Demonstrate the ability to successfully meet deadlines and identify/escalate impediments in a timely manner.

Preferred Qualifications

  • 8+ years of experience in information systems auditing, in information systems risk management, in technology operations, or a combination
  • Certifications related to or pursuing certification related to Cloud, Cyber or Technology Operations, such as Cloud provider certifications, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM)
  • Certifications related to or pursuing certification related to Auditing, such as Certified Internal Auditor (CIA), or Certified Information Systems Auditor (CISA)
  • 7+ years of experience with IT control frameworks
  • 4+ years of experience auditing cyber or information security
  • 4+ years of experience auditing key third party service providers hosting critical enterprise applications
  • 4+ years experience in auditing or working in third party risk management and / or business continuity processes.
  • 4+ years experience in cloud computing (notably AWS, GCP, Azure) and controls, or 1+ years of conducting audits of controls in cloud-based environments
  • 4+ years of experience in risk and data management
  • 4+ years of experience performing data analysis in support of internal auditing
  • 2+ years of experience auditing emerging technologies