Cybersecurity Audit Associate

About The Position

Requirements

• Minimum of 3 years of Cybersecurity/audit experience in the banking and/or technology industry.
• Knowledge and experience in various Technology and Cybersecurity domains, e.g., Identity and Access Management, Vulnerability Management, etc.
• Knowledge of cybersecurity related risks (i.e., Governance, Identify, Protect, Detect, Respond, Recover, Supply Chain, and Demand Management).
• Knowledge of industry relevant standards (e.g., NIST, CRI) and related regulatory expectations (e.g., NYS DFS 500, FFIEC).
• Knowledge of audit techniques, risk and internal controls assessment, and workpaper standards. Ability to manage and execute audits, from planning to audit closing.
• Strong strategic thinking skills including the ability to identify and assess technology related risks.
• Excellent communication (both verbal and written), presentation and professional skills including the ability to interact effectively at all levels within the organization.
• Enthusiastic and self-motivated, effective under pressure and willing to take personal responsibility/accountability.
• Bachelor’s Degree in Information Technology, MIS, Finance, or related field.
• Working knowledge of Microsoft Office Suite (Outlook, Excel, Word, PowerPoint).
• Employees must live within a reasonable commuting distance of their office location.

Nice To Haves

• Advanced degree is a plus.

Responsibilities

• Conduct regular audits of cybersecurity and technology related areas assessing adherence to firm and regulatory requirements and assessing design, operating effectiveness and sustainability of associated controls.
• Create audit issues and reports that clearly articulate results, conclusions and recommendations for review with senior audit management and auditees.
• Challenge the ongoing coverage of cybersecurity and technology related areas and present ideas for improvement.
• Facilitate risk issue tracking to promote timely remediation.
• Track and validate closure of issues raised by IAD, external auditors, regulators, and self-identified by stakeholders, including recommending additional actions when necessary.
• Work collaboratively with colleagues and auditees to identify risk concerns and agree reasonable solutions.
• Forge strong partnerships with colleagues in other technology and control functions including legal, compliance, data security and risk management to promote front-to-back collaboration across risk assessment and findings remediation.
• Partner with audit colleagues in other business verticals and/or geographies to share best practices and drive greater consistency. Seek out opportunities to engage with stakeholders outside of formal audit periods to drive deeper relationships.
• Stay up-to-date with evolving industry/regulatory changes impacting the business and participate in appropriate control forums.
• Conduct regular Continuous Monitoring activities and auditable entity updates.
• Recognize the confidential nature of IAD communications and access to information; exercise discipline in protecting the confidentiality and security of information in accordance with IAD policies and procedures.

Benefits

• competitive portfolio of benefits to its employees
• annual discretionary incentive award