Principal Auditor - Cyber Security and Infrastructure
Salary $100000 - $185000 per year + Bonus
Location New York
Consultant Christopher Stringer
Date posted July 6, 2017
My client, a global European investment bank, is looking to hire two Cyber Security Audit professionals, at either the VP or the AVP level. The roles offer an opportunity to join the team at a time of proactive growth, and these positions in particular will also be tasked with helping other technical members of the team understand and plan audits and controls.
As a Principal Auditor within the Cyber Security space, the successful applicant is ultimately responsible for the planning, preparation, co-ordination and execution of audits in the areas of IT Security, IT Infrastructure and IT Tools / applications. The roles will be based in New York; there will not be any travel involved for these positions.
Key tasks and responsibilities include:
- Evaluate the adequacy and effectiveness of controls relating to cyber and technology risks.
- Discovering and assessing risks and communicating them to the responsible Management team.
- Planning, preparing, coordinating and executing audits to evaluate the adequacy and effectiveness of controls within the Information Security and Information Technology departments.
- Support the implementation of the Group Audit risk-based methodology, including performing coverage of cyber and technology processes and the respective technology environment, along with supporting a structured ongoing risk assessment via Continuous Audit Assessment.
- Undertaking audit assignments, drafting and consolidating audit reports for review by Audit Management, facilitating issue tracking and validating the closure of audit findings.
- Completing all work assignments on a timely basis, including ad hoc projects and special enquiries.
- Developing relationships across the Bank and communicating the results to clients at all levels.
- Serve as an SME for colleagues on Cyber issues, topics and other technologies within Group Audit.
- Work alongside other global colleagues in Singapore, Frankfurt, London, and New York.
- Pro-actively develop and maintain a professional working relationship with colleagues, business and respective support groups.
Background and required skillset:
- It is vital that the successful applicant has strong communication skills and a track record of building and maintaining strong relationships with internal stakeholders across different functions and varying degrees of seniority.
- Ideally have IA Certifications, e.g. CISSP, CISA, CISM, CIPP/IT, SANS GIAC.
- Bachelor's degree with a concentration in Computer Science (or equivalent qualification / work experience required); Master's degree preferred.
- Minimum of 3 years of Audit experience in Information Security, IT Infrastructure, IT Production, IT Operations or Vendor Risk Engagements.
- Ideally have familiarity with Information Risk Frameworks: ISO 27k, NIST 800 series, CSC Top 20 Security Controls.
- Have experience in performing audits and security assessments, with particular focus on cyber security, information security, technology infrastructure, cloud technology, technology management, governance and compliance with regulatory requirements.
- Exposure to IT Audit, IT Risk Management, IT Compliance Management, Information Security, PCI Compliance, SOX Compliance, and Vendor Risk.
- Have a good understanding of IT security control processes (e.g. security monitoring, vulnerability scanning or penetration testing), information security such as data leakage prevention controls and ISMS processes, and regulatory requirements in the Banking sector.
- Have experience of analyzing and articulating cyber security risks from current threat vectors, combined with technical and process skills in an enterprise environment.
- Have excellent written and verbal communication skills.