IT Infrastructure and Information Security Audit Manager

Nomura•New York, NY

38d•$240,000 - $270,000•Onsite

About The Position

Nomura is a global financial services group with an integrated network spanning over 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Retail, Wholesale (Global Markets and Investment Banking), and Investment Management. Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com. Aon's Benefit Index, Nomura's benefits rank #1 amongst our competitors Department overview: The Internal Audit department is a key part of the firm's corporate governance, and the department's primary objectives are to review the company's control environment and report any weaknesses identified to the Audit Committee and senior management. The department in the US comprises over 35 professionals, split across Business, Risk, Legal & Compliance and IT audit teams reporting functionally to the Global Portfolio Directors of each division and to the Regional Head of Internal Audit for the Americas. Role description: The Internal Audit (IA) department covers technology risk through the audit of technology functions and through technology audit procedures integrated in all audits. There is a vacancy for a Technology Executive Director to lead global audit work for Technology functions, in particular Infrastructure and Information Security. The successful candidate will report to the global Technology Portfolio Director (TPD). The role's responsibilities are: Leading global audits. Including performance of audit planning, fieldwork and reporting. This involves leading the global team assigned to the audit, delivery of the audit within the planned timelines, ensuring all audit work is executed and documented in accordance with our audit methodology. Risk Assessments. This involves interaction with technology stakeholders, review of relevant metrics as well as other internal and external material. You would also be expected to provide input into the audit plan covering the IT Infrastructure and Security portfolio. Continuous Monitoring. Including interaction with key technology stakeholders, review of metrics as well as other relevant internal and external material, evaluation of changes to the risk profile. Issue Tracking. Including determining the audit procedures required to validate the closure of audit issues. Data Analytics. Use of data analytics techniques on audit engagements where relevant and supporting audit colleagues to utilise data analytics to improve and enhance the audit approach. Continuous Learning. Study public material or attend courses to remain abreast of changes in cyber security, information security, infrastructure technology, financial services industry, regulatory changes, and audit practices

Requirements

Minimum of 10 years working experience, this should include working within IT Internal/External Audit or Second line IT functions within financial services industry.
Strong knowledge of IT security, including both technical and business controls.
Relationship management: Ability to develop and maintain strong relationships with subject matter experts and IT leaders across the organisation. Work collaboratively with other Internal Audit stakeholders.
Strong time and project management skills, consistently delivering to deadlines (budget and time).
Very good knowledge of leading IT Infrastructure and Information Security reviews such as: Operating Systems and Databases, Messaging infrastructure, Databases, Cloud infrastructure, IT Networks, Vulnerability Management, Security Operations Centre and Data Security.
Experience in assessing controls based on COBIT or other leading technology risk management and governance control framework.
Experience in assessing controls based on NIST, SANS, ISO27000 or other leading cyber security framework.
Very good presentation and report writing skills. Producing draft reports that require minimal changes.
Qualifications: University degree in a technology related discipline and CISSP/CISA/CISM or equivalent certifications are required.

Nice To Haves

Other relevant qualifications will be beneficial but not required.

Responsibilities

Leading global audits. Including performance of audit planning, fieldwork and reporting. This involves leading the global team assigned to the audit, delivery of the audit within the planned timelines, ensuring all audit work is executed and documented in accordance with our audit methodology.
Risk Assessments. This involves interaction with technology stakeholders, review of relevant metrics as well as other internal and external material. You would also be expected to provide input into the audit plan covering the IT Infrastructure and Security portfolio.
Continuous Monitoring. Including interaction with key technology stakeholders, review of metrics as well as other relevant internal and external material, evaluation of changes to the risk profile.
Issue Tracking. Including determining the audit procedures required to validate the closure of audit issues.
Data Analytics. Use of data analytics techniques on audit engagements where relevant and supporting audit colleagues to utilise data analytics to improve and enhance the audit approach.
Continuous Learning. Study public material or attend courses to remain abreast of changes in cyber security, information security, infrastructure technology, financial services industry, regulatory changes, and audit practices

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume