Internal Audit Manager - IT & Information Security
The Group's Internal Audit team is building out its competencies in IT and Cybersecurity Audit in response to the growing cyber risks present in the many industries where The Group operates. The Internal Audit function plays a critical role in shaping our approach to IT and cyber risks by providing Management with independent and objective assurance over the company's IT activities. This is accomplished by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes. In your role as Internal Audit Manager – IT and Information Security, you will utilize your experience, intelligence, and ingenuity to provide insightful and value-added audit recommendations to our IT and Cybersecurity functions.
- Assist in developing the standards, competencies, and processes of the IT and Information Security Audit function within The Group
- Assist in the development and analysis of key metrics to identify trends in IT and Information Security
- Serve as a member of an audit team performing a number of engagements at various locations throughout the year
- Establish strong relationships with senior IT and Cybersecurity leadership, related controls groups, and business auditors
- Share knowledge, techniques, and toolsets with colleagues within the team to build Cybersecurity proficiency in the Audit Team
- Ensure timely preparation of all engagement deliverables, including risk assessments, audit workpapers, audit reports, follow-up reports, etc.
- Analyze existing and proposed cybersecurity legislation, regulatory announcements, and industry practices, to determine gaps and impact to the cybersecurity program
Note: You do not need Audit experience, but you do require strong technical skills and experience, as outlined below.
- Undergraduate degree in Cybersecurity, Information Technology, Computer Science, or a related field
- At least 8 years of progressive Information Technology or Information Security experience
- Solid and demonstrable comprehension of data protection strategies, network and system vulnerabilities, Security Information and Event Management, malware, emerging threats, attacks, and vulnerability management
- Working knowledge of various security standards, such as SOC-1/SOC-2, NERC CIP, PCI, ISO 27001/27002, ISA/IEC-62443, etc.
- Understanding of various IT/Cybersecurity frameworks, such as COBIT, COSO, NIST CSF, etc.
- Excellent problem-solving, analytical, and written/oral communication skills
- Outstanding interpersonal and relationship-building skills
- Native-level fluency in English (verbal and written)
- Ability to travel 70% of the year, for multiple weeks at a time and sometimes with short notice
- Graduate degree in Cybersecurity, Information Technology, Computer Science, or a related field
- CISA, CISM, CISSP, CEH, or other similar qualifications
- Ethical or "white hat" hacking and/or "red team" experience
- Active Project Management experience, or knowledge of Project Management methodologies
- Prior experience in Internal or IT Audit