Summary
Reporting to the Chief Audit Executive, the IT Audit Manager will be responsible for leading and managing information technology and information security audit engagements through performing audit risk assessments, developing audit scope and programs, and supervising internal audit staff and external vendors as required.
The IT Audit Manager should demonstrate an advanced understanding of IT risk management, cyber security, technology architecture and other IT process areas.
Essential Duties and Responsibilities
The IT Audit Manager is responsible for planning and executing the Internal Audit department’s technology audits and supporting the IT audit practice, including:
- Comply with and stay abreast of all policies and procedures, as well as federal and state laws applicable to the job.
- Lead the execution of the Bank’s technology audits including risk assessment, planning, scoping, and delivering multiple audits with an emphasis on technology and cyber security process areas.
- Stay apprised, engaged, and trained in emerging technologies and technology risks to lead the development of IT risk assessments and audit programs.
- Lead the audit execution for technology audits by establishing relationships and coordinating with process owners to identify and test controls integral to safeguarding the Bank and identifying improvement opportunities.
- Working with the company's external auditors and federal and state regulators to support their periodic external audit and examination efforts.
- Manage the follow-up activities for remediation of issues identified and communicated to management.
- Build effective relationships with IT management, cyber security and incident response teams and other risk functions throughout the Bank.
- Manages the hiring, training and development of Internal Audit staff and any co-sourcing or consulting resources used by the department in accordance with the approved budgets for these engagements.
- Coordinates the audit plans, compliance reviews and Sarbanes Oxley internal control evaluations to reduce redundancy and provide an efficient and effective risk monitoring program with value added results.
- Prepares and reviews audit work papers, written audit reports, memos and recommendations for each audit project prior to submission to senior management and the SVP, Chief Audit Executive.
- Regularly interfaces and develops strong working relations with executive management to actively respond to changing risks/demands and represents the Internal Audit Department on various committees as required.
- Treats people with respect; keeps commitments; inspires the trust of others; works ethically and with integrity; upholds organizational values; accepts responsibility for own actions.
- Plays a positive role in the development and growth of assigned department staff through excellent communication skills, both verbal and written, along with strong delegation skills assuring a highly cross-trained staff.
- Provide, present and promote The Citizens Experience to all external and internal customers.
- Other duties as assigned.
Supervisory Responsibilities
This job will have direct supervisory responsibility. Carries out supervisory responsibilities in accordance with the organization’s policies and applicable laws. Responsibilities include interviewing, hiring, and training associates; planning, assigning, directing work, appraising performance, rewarding and disciplining associates, addressing complaints, and resolving problems.
Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education and/or Experience
Bachelor’s degree (B.A.) or equivalent from four-year College or university in computer science, computer engineering, management information systems, accounting information systems, or equivalent discipline; 5+ years of related experience and/or training at an and/or financial services company leading and conducting technology and cyber security audits; or equivalent combination of education and experience.
Language Skills
Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.
Mathematical Skills
Ability to work with mathematical concepts such as probability and statistical inference. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations and interpret and draw bar graphs.
Reasoning Ability
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
Computer Skills
Advanced Microsoft Office skills, including Word, Excel and PowerPoint. Visio knowledge a plus.
Certificates, Licenses, Registrations
At least one professional certification required, preferably multiple, such as CISA, CISSP, CISM, GSEC, GPEN, GSLC, or equivalent.
Other Qualifications
- Advanced knowledge and understanding of key IT and security policies, standards, and frameworks applicable to this role (COBIT, NIST, ISO 2700 series, CIS, OWASP, ITIL, PCI-DSS, etc.)
- Ability to understand and communicate highly technical issues to both technical and non-technical personnel supported by a strong understanding of concepts related to cyber security and technology.
- Strong project management and organizational skills, with the capability to work on multiple projects with minimal direction in a dynamic and fluid environment with rotating priorities.
- Pro-active, high energy and strong interpersonal skills with a team-focused attitude, demonstrating the ability to collaborate and compromise while building constructive and effective relationships
- Previous experience with attack and penetration testing and/or cyber incident response a plus.
- Ability to multi-task while meeting various deadlines and producing high quality work.
- Night and/or weekend work may be required to meet deadlines.
- Ability to travel 5% - 25% of the time.
Physical Demands
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the associate is regularly required to talk or hear. The associate is frequently required to stand; walk; sit; and use hands and fingers to handle or feel. The associate is occasionally required to reach with hands and arms, and stoop, kneel, crouch or crawl. The associate is regularly required to operate a computer keyboard, mouse, calculator and telephone and reach with hands and arms. The associate must occasionally lift and/or move up to ten (10) pounds.
Work Environment
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The noise level in the work environment is usually moderate.
Salary Range:$104,061.00 To 150,888.00 Annually