IT Audit - AVP Cyber SME
Cyber Assurance Technical SME, AVP – The Cyber Assurance Technical SME, AVP is a highly technical role within the IT audit team that leverages skills acquired as a technology or security professional combined with extensive audit and risk assessment experience in areas of high technical complexity. The role will serve as an advisor to other technical auditors within the department and drive initiatives designed to improve the effectiveness and efficiency of audit procedures.
As a key member of the team, you will:
- Work with an international team to evaluate cyber security risks across the organization.
- Drive 3rd line of defense initiatives to automate security assessments.
- Lead data driven evaluations of technology and security risk.
- Act as a trusted advisor to audit executives and technology leadership in evaluating State Street’s security posture.
- Collaborate with 1st and 2nd lines of defense technical and cyber SME’s to monitor key security initiatives and recommend control improvements to mitigate key risks.
- Develop technical security training roadmaps to help build technology and security audit skills across the Corporate Audit division.
- Prepare and review audit workpapers compliant with the division’s risk-based audit methodology.
- Translate complex technical issues in business terms and present key findings to senior leadership.
- Bachelors or associates degree in information systems, computer science, accounting or related field with 8 or more years professional experience
- Proficient in leading and supervising technology and security audits within the financial services industry, leveraging scripting and data analytics to improve audit effectiveness / efficiency.
- Experience using network security tools and implementing security assessment technologies.
- Deep understanding of network security and cyber security operations and threats, tactics and procedures commonly used to exploit security weaknesses across the network.
- Proficient in evaluating and testing internal controls and applying a risk-based audit approach.
- Expertise auditing certain technology-related areas such as:
- Perimeter/Internal Security Technologies (Firewalls, Intrusion Detection and Prevention Systems)
- Network Segmentation Solutions
- Data Loss Prevention technologies and support processes
- Vulnerability Scanning and Penetration Testing
- Threat Intelligence
- Insider Threat Programs
- Security Incident and Event Management (SIEM) Technologies
- Cyber Incident Response
- Encryption / Encryption Key Management
- Public Cloud Security (AWS, Azure, Google)
- Strong analytical, interpersonal, organizational and communication (verbal and written) skills
- One or more industry recognized certification (e.g., CISA, CISSP, AWS Solutions Architect, Cyber CSX)
- Fluency in English - written and spoken.
- Ready to travel up-to 20%\\
For further information, and to apply, please visit our website via the “Apply” button below.