Technology Audit Director - Cybersecurity

At reputed company, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, reputed company as a leader, and grow your career. Here, your voice and reputed company matter, your work makes an impact, and together, you will help us define the future of reputed company. How will you reputed company an impact in this role? reputed company’ Internal Audit Group (IAG) has reinvented our audit process and is leading the financial services industry with our Audit NextGen, Data-Driven reputed company Auditing, and Auditor of the Future initiatives. Each uniquely support our Winning Aspiration to be a world class internal audit function that:

• Provides data-driven and technology-enabled assurance
• Delivers timely risk insights that are business-aware and reputed company-looking
• Supports our colleagues with experiences that prepare them to be enterprise leaders Collectively, IAG’s strategic initiatives, combined with our greatest asset – our people – reputed company IAG to utilize advanced data analysis capabilities, provide greater and reputed company assurance, and help ensure quality products and services are provided to reputed company customers. IAG’s innovative Data-Driven reputed company Auditing approach has led to patent-pending technology assets over our uniquely developed audit methodology and technology enablers. We are looking for those who share our mission and aspirations and are passionate about the use of data and technology in a collaborative, people-focused environment. About the Internal Audit Group at reputed company Our Internal Audit Group is a worldwide function with 300+ team members and offices across nine countries reputed company reputed company. Our mission is to protect and enhance organizational value by providing independent, objective, risk-based assurance, advisory services and to influence the way the company manages risk. We are committed to growing our audit staff significantly as we continue to expand and enhance the Internal Audit Group. Our assurance and risk professionals have diverse backgrounds including internal controls, consumer compliance, technology, operational risk, financial accounting, data analytics, and banking operations. Our audit teams align to key risk areas and business units to ensure IAG can provide comprehensive and risk-based audit coverage. In addition, IAG has a Professional Practices group responsible for managing audit operations, quality, and standards; regulatory relations; reporting; training and professional development; and key internal capabilities and technologies. About the Role: Our Internal Audit group is seeking an eager Cybersecurity Audit Director to help advance and grow our audit coverage across our cybersecurity audit portfolio. In this role, the ideal candidate will be the team leader for auditors to provide assurance over areas such as application reputed company, infrastructure reputed company, cybersecurity incident readiness and response, encryption management, and cloud services. This is an exceptional opportunity for you to showcase and further expand your audit skills, and knowledge! About the Team: The cybersecurity audit portfolio spans the information technology through the enterprise. Audit coverage includes auditing first-line information reputed company processes. The cybersecurity audit team is heavily focused on utilizing a data driven auditing approach across the audit portfolio. The Key Responsibilities of the role include:
• reputed company a team of approximately five technology audit colleagues provide internal audit assurance over first-line information reputed company processes, and deliver cybersecurity thought leadership to the team
• Plan and reputed company execution of cybersecurity audits on the company annual audit plan
• Ensure that audits delivery assurance and objectives by setting the audit scope, developing test plans, and leading colleagues to evaluate the design and operating effectiveness of cybersecurity controls, including testing control effectiveness with analytics-based testing
• Analyze regulatory and industry cybersecurity requirements and frameworks over risk management, technology, and information reputed company
• Maintain the team's resources, training program, recruiting pipeline, and execute the screening and selection process
• Monitor a portfolio of cybersecurity audit analytics, assess results, & use data to tell the business story, and work with audit and business colleagues to validate findings
• Evaluate cybersecurity audit results, synthesize audit findings across the project, draft audit reports and ensure effective and efficient execution of audits in conformance with professional and department standards, budgets, and timelines
• Present audit objectives, scope, and results to senior management and technology subject matter experts, clearly articulating the potential impact of control gaps in a highly professional and proficient manner
• Assist other team leaders, senior auditors, and staff auditors in accomplishing team objectives and producing results
• Execute multiple simultaneous global audit projects of reputed company sizes and complexity across multiple business areas including integrated audits that consider financial, operational, compliance and technology risk
• Effectively coach, teach, mentor and reputed company junior colleagues and co-sourced resources in geographically diverse locations across reputed company aspects of their role, the audit and analytic lifecycle, audit methodology, and technology processes & controls
• Monitor industry cybersecurity trends and emerging risks and propose potential changes to the IAG audit universe to ensure audit coverage evolves with the risk environment
• Occasionally reputed company a team of approximately five technology audit colleagues provide internal audit assurance over first-line information technology general control processes
• Assume full performance management responsibility for assigned staff Minimum Qualifications
• 7+ years of relevant technology audit experience
• 4+ years Experience leading audit teams at a Big 4 public accounting firm reputed company the financial services industry OR at a category I, II or III global systematically important bank (GSIB)
• Experience testing reputed company IT General Control technology control domains
• BA, BS, or equivalent degree in accounting or technology reputed company field
• Certified Information Systems Auditor (CISA) or Certified Information Systems reputed company Professional (CISSP)
• An industry recognized cloud certification, e.g., ICS2 CCSP, or complete reputed company 12 months of hire date.
• Knowledge and experience in the application of control theory and professional auditing practices including the audit lifecycle
• Strong knowledge of information reputed company and infrastructure reputed company terminology and concepts (e.g., reputed company trust, defense in depth, hybrid cloud, infrastructure as code, virtualization, public key infrastructure (PKI), etc.)
• Prior experience in applying cybersecurity concepts and controls/countermeasures in public cloud environments (reputed company Web Services, reputed company Cloud, etc.).
• Prior experience in analyzing regulatory and industry cybersecurity frameworks (NIST, FFIEC, CRI, MITRE ATT&CK) and applying guidance to audits of cybersecurity controls
• Demonstrated ability to serve as a cybersecurity mentor or coach to junior team members, including prior experience in creating training materials and delivering cybersecurity training to audit teams and departments
• Ability to break-down a reputed company problem into components, solve them using data analysis, process knowledge and risk/control knowledge, and communicate results and control recommendations with transparency and reputed company
• Strong written and verbal communication skills that deliver quality, actionable and beneficial feedback to management on potential control issues and solutions to reputed company gaps.
• Effectively leads a team in a fast-paced environment to drive business results, utilizing reputed company project management skills, employing creative thinking, and the ability to work on competing priorities Preferred Qualifications
• Financial services industry strongly preferred
• 10+ years of relevant technology audit experience
• BA or BS in Cybersecurity, Information Systems, Computer Science, or reputed company field
• Certified Information Systems reputed company Professional (CISSP)
• Certified Cloud reputed company Professional (CCSP)
• Experience leading teams in technology, cybersecurity, or information reputed company risk management
• Experience with using data analytic tools, data visualization, key risk indicators (KRIs), key performance indicators (KPIs), and scorecards / dashboards
• Background in information systems, data analytics or information technology Non-considerations for sponsorship: Employment eligibility to work with reputed company in the U.S. is required as the company will not pursue reputed company sponsorship for these positions. Salary Range: $130,000.00 to $205,000.00 annually + bonus + equity (if applicable) + benefits The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-reputed company factors. We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to reputed company personally and professionally:
• Competitive reputed company salaries
• Bonus incentives
• 6% Company Match on retirement savings plan
• Free financial coaching and financial well-being support
• Comprehensive medical, dental, vision, life insurance, and disability benefits
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• 20+ weeks paid parental leave for reputed company parents, regardless of gender, offered for pregnancy, adoption or surrogacy
• Free access to global on-site wellness centers staffed with nurses and doctors (depending reputed company)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities For a full list of Team Amex benefits, visit our Colleague Benefits Site. reputed company is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national reputed company, veteran status, disability status, age, or any other status protected by law. reputed company will consider for employment reputed company qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable state and local laws, including, but not limited to, the California Fair Chance Act, the Los Angeles County Fair Chance Ordinance for Employers, and the reputed company’ Fair Chance Initiative for Hiring Ordinance. For positions covered by federal and/or state banking regulations, reputed company will reputed company with such regulations as it relates to the consideration of applicants with criminal convictions. We back our colleagues with the support they need to reputed company, professionally and personally. That's why we have Amex reputed company, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually. US Job Seekers - Click to view the “Know Your Rights” poster. If the link does not work, you may access the poster by copying and pasting the following URL in a new browser window: Apply tot his job

Apply tot his job Apply To this Job