Internal Audit Security Senior Manager
About The Position
This is an exciting opportunity to establish and lead the inaugural Security function within our Internal Audit department. As the Internal Audit Security Lead/Manager, you will be instrumental in defining and executing our security risk assessment strategy, serving as a strategic partner to our Global Security and Privacy teams, and leading end-to-end security assessments. This role demands a proactive and strategic thinker with a strong foundation in cybersecurity and a passion for building a robust security audit program. You will report to the Director of IT Internal Audit in our Internal Audit organization. This role will have a flexible hybrid schedule and will be based near the U.S. West Coast or East Coast office hub (in San Francisco Bay Area, Seattle, Los Angeles or New York).
Requirements
- You have 8+ years of experience in IT audit, cybersecurity, or a related field.
- You have experience building a Security assessment program ground up and planning and executing Security Risk Assessments.
- You have experience planning and executing audits of various security domains, including vulnerability management, access control, incident response, data security, and cloud security.
- You have effective communication, presentation, and interpersonal skills.
- You have a strong understanding of IT and cybersecurity frameworks and standards (e.g., NIST, ISO 27001, SOC 2, PCI DSS).
- You have experience collaborating with a geographically distributed team.
- You have experience with GRC tools and security solutions like Panther, Wiz or GoogleSecOps.
- You have knowledge of cloud computing platforms (e.g., AWS, GCP).
- You have a Bachelor's degree in Information Systems, Computer Science, or related field.
Responsibilities
- Stand up the first-ever Security function within Internal Audit, developing foundational processes and methodologies.
- Play a key role in defining Internal Audit's roadmap for managing and assessing security-related risks, aligning with organizational priorities and industry best practices.
- Act as a strategic partner to Global Security and Privacy teams, collaborating on the definition and development of roadmaps and remediation processes.
- Develop and execute risk-based IT and cybersecurity audit plans, including scoping, testing, and reporting of various security domains, including vulnerability management, access control, incident response, data security, and cloud security.
- Leverage your understanding of leading industry regulations and standards, including NIST, ISO 27001, SOC 2, and PCI DSS and provide recommendations to the stakeholders.
- Aid in the development and implementation of continuous monitoring for key security controls.
- Utilize data analytics to identify security trends and potential risks.
Benefits
- a 401(k) plan with employer matching
- 16 weeks of paid parental leave
- wellness benefits
- commuter benefits match
- paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act)
- medical, dental, and vision benefits
- 11 paid holidays
- disability and basic life insurance
- family-forming assistance
- a mental health program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Industry
Food Services and Drinking Places
Number of Employees
5,001-10,000 employees
