Senior IT Audit Manager

The Sr IT Audit Manager is responsible for the execution of audit engagements, which includes planning, developing the project's scope, maintaining the budget and timeframes of the project to meet audit requirements, and ensuring department Standards are properly met. The role is responsible for their assigned staff's performance management process and recruiting and retention of staff for the audit team. The Sr IT Audit Manager provides input to improve operational efficiency and/or to enhance the design or operating effectiveness of the internal control environment. The role provides technical expertise, with a focus on cybersecurity, and performs supervisor related work including training new employees or those with lesser experience, reviewing work of others, and providing regular feedback and coaching to employees. The role is an integral part of the global technology team, responsible for interacting with Regulators, local and global Senior and Executive management, leveraging technical expertise to evaluate risk areas and ensuring that resources are properly aligned to audit these areas. These areas also include a focus on cybersecurity both from a business and technology aspect, and the further expansion of the cyber liaison program with the business audit teams.

Major Duties:

1. Coordinates and collaborates with the global technology audit team on the identification of risks and execution of audits part of the audit plan.

2. Functions in various roles on audit engagements, including leading audits, staffing audits and providing consulting or oversight functions based on the needs of the team

3. Manages internal audit projects related to Information Technology General Controls (ITGC), information security/cyber, business application, and integrated business audits

4. Provides technical expertise to the IT Audit Team and uses sound audit practices

5. Maintains familiarization and technical expertise with the assigned business unit(s) including organizational structure, personnel, activities and products, new product development, financial performance and risk and problem areas

6. Responsible for staying current on regulatory rules and changes within the industry

7. Interacts and partners with Senior and Executive Management to understand the risks within the business, business changes and other significant events that could significantly affect the business and/or the audit plan

8. May participate in targeted senior-level committees and client meetings, along with presenting to the corporate Audit and Business Risk Committees as well as the local/regional Audit Committee, Oversight Committee, Legal Entity Boards and Risk Committees

9. Communicates with Regulators, external auditors, and various regional risk committees within the Corporation as part of ongoing continuous monitoring which assists in managing the Audit Plan

10. Manages and performs special projects as assigned

11. Participates in meetings with business unit to discuss audit results

12. Communicates with partners at all levels, developing and presenting recommendations on operations and controls for the business unit

13. During audit engagements, assigns work to auditors, sets priorities and monitors activity

14. Conducts the performance management process for direct reports. Oversees the performance management process and ensures identification of training and development needs for the respective team members

15. Utilizes understanding of various Corporate units to ensure operations, services, and systems have proper audit controls in place (i.e., design of the control environment)

16. Reviews audit work including work paper documentation, findings and recommendations and the final report to ensure appropriate adherence to the Corporation's/Department's Policies and Standards and ensuring work is performed within established timeframes

17. Evaluates corporate management, business processes, business controls and operating practices during audits and consulting/monitoring engagements

18. Applies analytical skills to review information and determine potential control weaknesses.

• Knowledge of auditing in the financial services industry and basic accounting principles and related work experience• Solid understanding of ITGC and related processes (e.g., Configuration Management, Vendor Management)• Understanding of Information Technology Service Management (ITSM) controls (e.g., Incident Management, Problem Management)• Skills as needed to perform testing of application controls (e.g., Application Security Testing, Interface Controls)• Skills as needed to perform testing of information security and cybersecurity controls (e.g., Penetration Testing, Security Information and Event Monitoring, Data Security)• Knowledge of risks related to newer technologies (e.g., Infrastructure as Code, Cloud Access Management, Kubernetes, Containers, CI/CD)• Knowledge of financial industry standards and frameworks (e.g., NIST CSF, FFIEC, GDPR)• Knowledge of cloud environments and related technologies (e.g., Microsoft Azure, Amazon Web Services, Google Cloud)• Professional certifications (e.g., CISA, CISSP, CCSP) • Strong analytical, leadership, and organizational skills are needed• Strong report writing and work paper documentation skills• A College or University degree and/or entry level auditing experience in a financial institution is preferred.• Adept auditing and/or systems experience in a financial institution, or similar public accounting experience in the financial services industry.