Senior Manager, Internal Audit & Risk Advisory Services

The National Football League•New York, NY

1d•$135,000 - $165,000•Onsite

About The Position

The NFL’s Internal Audit Department is seeking an Internal Audit & Risk Advisory Services Senior Manager for Information Security to lead and/or participate in audits of League Information Technology (IT) operations and compliance reviews of member clubs, stadiums, and League contractors. Prior audit experience is mandatory in addressing the confidentiality, integrity, and availability of information systems including but not limited to network and cloud architecture, infrastructure and end-point security, vulnerability management, and general information technology controls (ITGC). This is a highly visible role where the candidate will be required to manage multiple engagements on a concurrent basis across the League, club, stadium, and contractor landscape, deal directly with respective senior leaders within these environments, and develop trend reports to executive leadership. The candidate is directly responsible for managing multiple external resources and must demonstrate the ability to exercise good judgment and handle sensitive matters. This role reports to the Senior Director, Internal Audit & Risk Advisory Services, who oversees all information security related audit functions.

Requirements

Bachelor’s Degree
Overall experience of a minimum of 7-10 years and must include internal and/or external audit experience
Strong technical foundation including an undergraduate degree in Cybersecurity, Business Information Systems, or Computer Science / Engineering
Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP) mandatory
Knowledge of the concepts, theories, principles, and practices of auditing, including internal control concepts
Must be able to interact effectively with personnel ranging from junior co-sourced staff to NFL and auditee executive leadership
Advanced capabilities in Microsoft suite of products and experience with GRC and reporting tools

Nice To Haves

Other certifications of Certified Internal Auditor (CIA), Certified in Risk and Information Systems Control (CRISC), or Cybersecurity Audit Certificate are preferable but not mandatory
Experience in managing audits via co-sourced arrangements
Expertise with cybersecurity frameworks
Prior experience conducting audits of industrial technology systems is a plus
Working knowledge of PCI DSS, HIPAA, and CCPA compliance frameworks is a plus
Proven track record as a strong communicator both in written and oral presentations
Exceptional organization skills
Excellent time-management skills with the ability to work independently with little to no supervision

Responsibilities

Work jointly with the Senior Director to develop and schedule annual audit plans
Plan, manage, and complete all work program steps for League department audits and member club, stadium, and contractor reviews
Supervise multiple external staff in the conduct of audits and reviews
Provide periodic updates regarding engagement status
Review audit findings with League, club, and stadium management
Draft reports for review and execution by the Senior Director
Contribute to presentations in terms of both content and delivery to League, club, and stadium management
Conduct follow-up work, as necessary, to evaluate corrective actions taken by League, club, and stadium management to resolve previous audit observations
Monitor quality, efficiency, and throughput key performance metrics and report status to the Senior Director
Manage department-wide objectives along with other Audit colleagues
Assist in defining and implementing departmental transformative efforts to further enhance Internal Audit’s core mission, capabilities, and long-term value to the League