Senior IT Audit Manager

The Senior IT Audit Manager is responsible for the execution of information technology and cybersecurity audit engagements, which includes planning, developing the audit scope, maintaining the budget and timeframes of the project to meet audit requirements, and ensuring department Standards are properly met. The role is a direct report to an Audit Manager and is responsible for their assigned staff's performance management process and recruiting and retention of staff for the audit team. The Senior IT Audit Manager provides input to improve operational efficiency and/or to enhance the design or operating effectiveness of the internal control environment. The role provides professional expertise and performs supervisor related work including training new employees or those with lesser experience, reviewing work of others, and providing regular feedback and coaching to employees.

Principal Responsibilities

• Functions in various roles on audit engagements including leading audits, performing audits and providing consulting and oversight functions based on the needs of the team
• Review audit work including workpaper documentation, findings and recommendations, and final audit reports to ensure adherence to the Corporation’s/Department’s Policies and Standards and ensuring work is performed appropriately within established timeframes
• Lead a team of information technology and information security professionals by overseeing and supporting the team through guidance, coaching and mentoring
• Foster professional development and career growth of team members through ongoing feedback and annual performance reviews to ensure job duties are performed, quality expectations are met, and training and development needs are identified and supported
• Provides technical expertise to the IT Audit Team on the use of sound IT audit practices
• Maintains familiarization and technical expertise with the assigned business unit(s) including organizational structures, key personnel, ongoing activities and products, new product development, financial performance and risk and problem areas
• Interacts and partners with Senior and Executive Management to understand risks within the business and the impact of operational changes or other significant events that could affect the business and/or the audit plan
• Manages and performs special projects as assigned
• Engage with business units to discuss audit results and monitor issue remediation progress
• Communicates with partners at all levels, developing and presenting recommendations on operations and controls for the business unit
• Responsible for staying current on regulatory rules and changes within the industry
• Utilizes understanding of various Corporate units to ensure operations, services, and systems have proper controls in place (i.e., design of the control environment)
• Evaluates corporate management, business processes, business controls and operating practices during audits and consulting/monitoring engagements
• Applies analytical skills to review information and determine potential control weaknesses
• Participates in the planning, budgeting, and implementing of strategic IT Audit Team objectives and initiatives
• Nurture the overall team spirit of the technology audit function as we continue to grow and develop

• Knowledge and experience performing risk-based information technology and/or information security audits; experience auditing within the financial services industry is a plus
• Comprehensive understanding of ITGC and related processes (e.g., Configuration Management, Vendor Management, Access and Identity Management)
• Understanding of Information Technology Service Management (ITSM) controls (e.g., Change Management, Incident Management, Problem Management)
• Skills as needed to perform testing of application controls (e.g., BC/DR, Application Security Testing, Interface Controls)
• Skills as needed to perform testing of information security and cybersecurity controls (e.g., Identity and Access Management, Incident Response, Network Security)
• Knowledge of cloud environments and related technologies (e.g., AWS, Azure, Google Cloud)
• Knowledge of risks related to newer technologies (e.g., Infrastructure as Code, Cloud Access Management, Kubernetes, Containers, CI/CD)
• Knowledge of IT and cybersecurity regulations, standards and industry frameworks (e.g., NIST CSF, FFIEC, GDPR, ITIL)
• Experienced in the documentation, reporting, and presentation to senior management and operating committees
• Professional certifications (e.g., CISA, CISSP, CCSP) desired
• Strong analytical, leadership, and organizational skills are needed
• Strong report writing and work paper documentation skills

Required Experience

• College or University degree is preferred
• Minimum 5 years’ experience in Information technology or cybersecurity auditing (or equivalent experience) preferably in a financial institution, public accounting company or other large, complex or global organization

About Northern Trust:

Northern Trust provides innovative financial services and guidance to corporations, institutions and affluent families and individuals globally. With more than 130 years of financial experience and over 20,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

Working with Us:

As a Northern Trust partner, you will be part of a flexible and collaborative work culture, which has a strong history of financial strength and stability. Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company that is committed to strengthening the communities we serve!

We’d love to learn more about how your interests and experience could be a fit with one of America’s best banks and most sustainable companies! Build your career with us and apply today.

For further information, and to apply, please visit our website via the “Apply” button below.