As an IT Audit Manager (SME-IT), your work falls into three categories:
- Work with audit teams to provide input to and challenge the scope of cyber risk related work.
- Help audit teams identify appropriate review and testing procedures to effectively test whether cyber risk related controls are in place.
- Lead discovery and walkthrough meetings with the Information Technology and Information Security teams to understand and evaluate cyber risk related controls in Freddie Mac's IT environment.
- Provide input to and/or perform cyber risk-based assessments of shared infrastructure and/or business-owned applications.
- Based on the work performed, identify strategic, business focused issues related to cyber risk.
- Build strong relationships with leaders across the First and Second Lines of Defense to enable strong collaboration, while maintaining Internal Audit's independence.
- May be tasked with leading, or participating in, specific risk assessment initiatives, firm-wide process change initiatives, conducting special investigations, or performing ongoing monitoring.
- Perform and document work in accordance with Internal Audit standards.
Conduct Research and Provide Training
- Maintain and grow technical knowledge through ongoing research and review of industry publications.
- Monitor external trends and perform research to provide consultative advice to audit, business and IT management on current or emerging cyber security risk, control and governance matters.
- Conduct internal training sessions to help other audit teams understand cyber risk and information technology concepts.
- Be the manager of choice and role model for your team
- Regularly evaluate employees and offer candid feedback
- Help team members develop and achieve professional goals
- Participate in the recruiting process
- Minimum of 8 years working experience. Experience must include a minimum of:
- 4 years working in IT operations or IT security areas such as application security, penetration testing, forensics, threat management, security engineering, system security assessments, and/or public cloud environments.
- 2 years working experience with common standards such as ISO 27001, ISO 20000, NIST 800-53, OWASP, and/or ITIL
- Bachelor's degree in Cyber Security, Cyber Risk, Management Information Systems, Computer Science, Engineering, or Math
- CISA or willingness to obtain CISA within 12 months
- Demonstrated expertise in cyber security
- In-depth knowledge and experience evaluating against cyber security industry standards such as NIST or ISO
- Must work well in a highly collaborative and team-oriented environment
- Must work creatively and analytically in a problem-solving environment
- Must demonstrate effective verbal and written communication and interpersonal skills