The Internal Audit function provides the Bank with objective and independent assurance services. We work to support the Bank in its mission and help it achieve its objectives through proactive risk management. We have an exciting opportunity in our IT Audit group for an IT Audit Manager and this individual will be an integral part of our audit team to assist with identifying information technology risks and executing IT audits.
The IT Audit Manager should demonstrate an advanced understanding of IT, IT risk management, information security, IT architecture, and IT process areas. This individual will be responsible to lead and manage moderate to complex IT operational audits including performing risk assessments, developing audit scope and audit programs, executing audit programs, working independently, and supervising staff as required. The IT Audit Manager is responsible for evaluating risks and controls for IT infrastructure, cyber security, and related IT processes. This evaluation will be accomplished by conducting internal audits to include formal written reports for the communication of observations, risks, recommendations and conclusions. Responsibilities include the assessment and review of infrastructure, security, processes and technologies, and IT operations.
This role would be a best fit for a highly skilled individual with significant IT audit and/or information security experience at a Big 4 or reputable security consulting firm. If you have the right qualifications, a passion for technology, are deeply technical, can perform well with limited supervision, and build effective relationships across the organization, we would like to meet you.
Core Responsibilities Include:
The IT Audit Manager is responsible for planning and executing the Internal Audit department's IT operational audits and supporting the IT audit practice, including:
Scoping, planning, and executing IT operational audits with an emphasis on information/cyber security as well as other IT process areas
Stay apprised, engaged, and trained in emerging technologies and technology risks to feed into the development of IT risk assessments and audit programs.
Lead the audit execution for information security audit by coordinating with process owners to identify and test controls; validating process documentation; analyzing IT and business information to identify improvement opportunities.
Working with the company's external auditors and federal regulators to support their annual audit and examination efforts
Drives project completion by reviewing and overseeing the completion of audit work papers, reviewing compensating controls and offering recommendations on risk mitigation
Manage the follow-up activities for remediation of issues identified and communicated to management
Build effective relationships with IT management, cyber security and incident response teams, web application development teams, and other risk functions throughout the bank
Bachelor's and/or master's degree in computer science, computer engineering, management information systems, accounting information systems, or equivalent discipline.
5+ years of experience in leading and conducting audits and/or assessments of key IT domains including information systems, cyber security, SDLC (Agile & waterfall), network & infrastructure architecture, application security, business continuity/disaster recovery, penetration testing, data management, and related processes.
Demonstrates ability to discuss and understand information security issues. Has solid understanding across a variety of IT areas such as:
Data management, data protection, and data privacy
Business continuity and disaster recovery
Ability to understand and communicate highly technical issues to both technical and non-technical audiences supported by a strong understanding of concepts related to information security, architecture, and technology risks.
Familiarity and understanding of major professional security and audit frameworks and standards (NIST, ISO 27001, ITIL, COBIT, PCI-DSS, etc.)
At least one professional certification required, preferably multiple, such as CISSP, CISA, CISM, GSEC, GPEN, GSLC, or equivalent.
Strong project management and organizational skills, with the capability to work on multiple projects with minimal direction in a dynamic and fluid environment with rotating priorities
Pro-active, high energy and strong interpersonal skills with a team-focused attitude, demonstrating the ability to collaborate and compromise while building constructive and effective relationships
Previous experience with attack and penetration testing and/or cyber incident response a plus
Financial services industry and regulatory experienced preferred. Big 4 or security consulting firm experience preferred.
Internal Number: 6396315
About Silicon Valley Bank
eFinancialCareers is a career site specializing in financial services.