The Information Technology Risk Manager is responsible for conducting and documenting audits throughout the Corporation. This role leads audit project teams, which includes providing oversight to the audit team and communicating results of the engagement to management. The IT Audit Manager provides technical information security expertise and training to auditors within the engagement audit team and works closely with Leadership to confirm the scope of the audit and to devise an appropriate testing approach to be performed during the engagement.
Specific to this role, the Information Technology Risk Manager is also responsible for leading validation efforts for enhanced and newly implemented controls for information technology, data and cyber security under the bank's transformation projects.
The Key Responsibilities Of The Role Include
Leadership and Management
- Establishes and develops strong working relationships and open communication with key stakeholders
- Provides training, coaching, and auditing expertise to the audit team
- Is accountable for own assignments and holds others accountable for theirs, including proactively managing expectations
Audit Methodology
- Identifies technology and cyber risk and controls within processes
- Leads internal audit projects related to IT controls, information security / cyber, pre/post system implementation, IT governance, and operational areas; drives consistency of methodology
- Assists with the development of the audit budget and/or timeframe for how the audit will be completed based on the objective and risk of the areas covered within the engagement
- Finalizes planning documents and conducts first level review of planning documents as required
- Coordinates with other audit teams (business unit, regional, and specialist) to ensure evaluations of related areas occur in a timely manner and cover key areas within the audit
- Demonstrates professional skepticism and comfort with questioning how certain processes are being performed in order to facilitate making improvements
- Reviews the work papers of the audit team members ensuring that departmental standards have been met
- Communicates the audit status to business unit stakeholders and Audit Services management
- Drafts findings and recommendations for the purpose of status updates, memos, and audit reports
- Maintains technical competence through ongoing training, seeking development opportunities, and applying new knowledge to daily work assignments
Skills/Qualifications
- Minimum of 5 years of IT auditing and systems experience
- Experience leading teams
- Knowledge of audit procedures and technical security and control standards, usually obtained through related work experience and a four-year degree program, is required to perform system audits
- Solid understanding of Information Technology and Cybersecurity controls
- Skills as needed to perform testing of design and operational effectiveness of application controls (e.g., Interface and Application Security Controls)
- Skills as needed to perform testing of design and operational effectiveness of information security and cyber security controls (e.g., Penetration Testing, SecOps, Security Information and Event Monitoring, Data Security)
- Knowledge of the operations, functions, and objectives of interfacing areas is required to properly audit operations, services, systems, workflow, and operational impact on other areas
- Operates independently; has in-depth knowledge of business unit/function
- Self-starter with an ability to self-motivate
- Excellent verbal and written communication skills
- Strong organizational skills with attention to detail
- Ability to proactively assess issues, identify solutions and problem solve
- Ability to react and respond on a timely basis, work under pressure, and deliver to tight deadlines
- Ability to adapt and react positively in a changing and dynamic work environment
- Ability to develop relationships with diverse groups and various levels of technology and non-technology personnel
- Flexibility, multi-tasking, creative thinking, and good business judgment skills are required to meet strict deadlines and manage other projects
- Must be a team player and able to work under pressure during peak periods
The Successful Candidate Will Benefit From Having
- Knowledge of systems software applications and databases common to the mainframe and distributed environments, such as UNIX, iSeries, and Windows
- Understanding of networks, routers, and firewalls is also a plus
- Understanding of newer technologies (e.g., Containers, Kubernetes, CI/CD) and cloud infrastructure (e.g., AWS, MS Azure)
- Certified Information Systems Auditor (CISA) certification is preferred. Additional certifications such as Certified Information Systems Security Professional (CISSP), or other related certifications
- Proficiency in Word and Excel