Location: San Francisco, CA
Salary Compensation: $180K/yr. – $250K/yr.
Email Address: email@example.com (send your resume to this address with the job title as the subject)
Industry: Financial Services
The Enterprise Technology Audit Group – Information Security Audit Team is looking to fill several Principal Auditor positions to support the coverage of the company’s core Information Security and Cybersecurity controls (e.g., Cyber Threat Fusion Center, Data Loss Protection, Security Information and Event Management, Cryptographic Services, Patch and Vulnerability Management, Network Security Management, Access Management, Third Party Information Security Management, etc.).
- Responsible for performing audit testing of moderately complex to very complex components of assigned audits within multiple segments of the Audit Plan.
- Leads timely planning and execution of an assigned audit test.
- Assigned to projects ranging in size and complexity based upon level of experience.
- Performs auditor-in-charge responsibilities as assigned.
- Provides timely and quality work product.
- Ensures documentation and reporting are ready for review by managers and senior managers.
- Develops and maintains strong business relationships within Internal Audit and with teams across the enterprise.
- Ensures audit programs and testing are risk-based, and executed according to Internal Audit policies and guidance.
- 5+ years of experience in one or a combination of audit or risk functions covering risk identification, mitigation and management (includes audit, legal, operational risk, compliance risk, credit risk, market risk, technology risk, or the management of a process or business with accountability for risk), demonstrated through work or military experience
- Experience at a financial institution or accounting firm
- Solid knowledge and understanding of audit or risk methodologies and supporting tools
- Certification in one or more of the following: CPA, CAMS, CRCM, CIA, CISA or Commissioned Bank Examiner designation
- Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
- Experience performing risk assessments and/or audits of third party technology and information and cyber security risks.
- Demonstrated experience assessing scaled and highly complex environments, preferably in the financial services sector. Knowledge of IT, information security and Cloud management and control frameworks (e.g. NIST Cybersecurity Framework and 800-53, CIS Top 20 Critical Security Controls, FFIEC IT Examination Handbooks, COBIT, FedRAMP, ISO 2700x, ITIL).
- CISSP, CCSP, CCAK and Ethical Hacker certifications would be highly regarded, as well as CSX Nexus Cybersecurity and Cybersecurity Audit Certificates from ISACA.
- Experience assessing Cyber Threat Fusion Center controls, techniques and tools; cryptographic controls and solutions; logging and monitoring, anti-virus, network security, data loss protection, vulnerability, configuration and patch management controls.
- Experience assessing Identity and Access Management programs, familiarity with relevant access management tools and processes.
- High-energy self-starter who thrives in large, complex environments and challenging situations; must have the ability to adapt to change quickly and adjust work in a positive, professional manner; ability to work in a dynamic environment with multiple time constraints.
- Experience working in a highly formal audit environment, including preparation of formal test of design and test of effectiveness work-papers, sample selection through use of formal sample selection tools, process and control flow-charting, and audit methodology compliance.
- Outstanding problem solving and analytical skills with ability to turn findings into strategic imperatives.
- Demonstrate professional skepticism and exercise superior judgment when evaluating the business impact and significance of audit findings.