Audit Manager - IT/Security
Develops and independently performs complex work assignments and problem resolution in support of risk–based assurance and advisory engagements and/or audit quality assessments in the field of business operations, finance, and compliance and/or information technology. Maintains a high degree of business contact through fieldwork, often serving as the principal fieldwork contact. Mentors junior staff auditors on audit excellence, to include theory and application of audit and/or business/information technology techniques. Adheres to the Institute of Internal Auditors' Standards and Code of Ethics.
- Leads and executes audit engagements from beginning to end (audit lifecycle of medium to high risk audit engagements,) to include understanding horizontal and vertical impacts across the entire audit organization (i.e. ability to cross matrix).
- Manages engagement–related efforts and assignments of staff with varying degrees of expertise and experience when conducting engagements as the Auditor–in–Charge (AIC).
- Provides coaching and guidance to junior auditors ensuring timeliness and quality of audit engagement deliverables.
- Updates engagement risk assessments utilizing current data.
- Ensures and develops content of audit report and business monitoring.
- Reviews work papers and delivers audit team engagement performance evaluations. Conducts or assists with leading special reviews, investigations, monitoring activities, and work for external auditors and/or regulators.
- Builds and develops relationships both internally within Audit Services and externally with clients and control partners to help drive strategic objectives with the business.
- Ensures engagements are completed objectively, professionally, and in accordance with corporate and industry audit standards.
- Provides guidance on the use of various business systems, applications, and/or audit tools to create queries and ad hoc reports.
- Reviews, analyzes, and interprets data collected from multiple sources to ensure valid conclusions are drawn.
- Communicates with the business/clients; delivers difficult messages. May communicate with regulators and executive leaders.
- Identifies control weaknesses and opportunities for improvement in the current operating environment and recommendations for corrective action; drafts the related observations (business issues) and audit reports for issuance to respective client leadership and conducts follow–up activities as defined in the observations.
- May be responsible for execution of ITGC and/or application controls.
- Bachelor's degree in Accounting, Finance, Information Technology or other relevant field OR four additional years of related experience beyond minimum required may be substituted in lieu of a degree.
- 6 or more years of audit, financial, insurance, banking, information technology or related business experience.
- Advanced knowledge of Audit theory and demonstrated experience in audit execution.
- Advanced level business acumen in business operations, industry practices, and emerging trends.
*Qualifications may warrant placement in a different job level.*
When you apply for this position, you will be required to answer some initial questions. This will take approximately 5 minutes. Once you begin the questions you will not be able to finish them at a later time and you will not be able to change your responses.
- 6+ years experience in large financial services IT/Security internal audit department, or equivalent IT/Security audit experience to include top tier firm (Big 4, Protiviti, etc.)
- 2+ years experience leading end–to–end engagements as the Auditor–in–Charge (AIC) and/or leadership experience within the information technology or security fields
- Demonstrated knowledge of internal controls, business and information technology risks (focus on cyber security risk and controls evaluations) and/or audit techniques in a large financial services organization
- Demonstrated knowledge and practical experience of cyber security technologies including firewall, IDS/IPS, DLP, Proxies, anti–malware, CASB, email security, remote access, security baseline, SIEM, PKI, data encryption/tokenization???
- In depth knowledge of industry frameworks utilized for cyber security (NIST, ISO, etc)
- Demonstrated knowledge of the regulatory environment for relevant industry
- Advanced knowledge of Cyber Security, IT application controls, ITGCs, Mobile, Virtualization, WebSphere as well as IT infrastructure including databases, networks, operating systems
- Experience with audit engagement support tools including electronic workpapers
- Exceptional communication and project management skills
- Preferred designations include CISA (Certified Information Systems Auditor), CISSP (Certified Information Security Systems Professional), or other relevant business designations
The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.
At USAA our employees enjoy one of the best benefits packages in the business, including a flexible business casual or casual dress environment, comprehensive medical, dental and vision plans, along with wellness and wealth building programs. Additionally, our career path planning and continuing education will assist you with your professional goals.
USAA also offers a variety of on–site services and conveniences to help you manage your work and personal life, including seven cafeterias, two company stores and three fitness centers.
Relocation assistance is available for this position.
For Internal Candidates:
Must complete 12 months in current position (from date of hire or date of placement), or must have manager's approval prior to posting.
Last day for internal candidatesto apply to the opening is 04/28/19 by 11:59 pm CST time.