Purpose of PositionThe Cybersecurity & IT Audit Manager is responsible for leading technology-focused assurance activities that strengthen the organization's cybersecurity posture, IT control environment, and preparedness for major system changes. Acting as a third line of defense, this role provides independent, risk-based audit coverage of IT and cybersecurity domains, ensuring controls are designed and operating effectively across the enterprise. The manager also provides strategic oversight and advisory support to IT, Cybersecurity, and business leaders during significant technology initiatives, helping ensure new systems and processes are implemented with robust, sustainable controls. This position reports to the Director, Internal Audit.
Tasks and Responsibilities- Lead independent cybersecurity and IT audits, evaluating IT general controls, cybersecurity processes, and technology governance.
- Provide assurance support during major system implementations by reviewing control design, including but not limited to role-based access, and segregation-of-duties controls.
- Monitor emerging cybersecurity risks, analyze control gaps, and recommend enhancements to strengthen resilience and compliance posture.
- Review and assess user and privileged access practices to ensure alignment with least-privilege principles and enterprise control requirements.
- Where applicable, perform targeted risk-based audits of key IT and cybersecurity domains, including access management, change management, backup/recovery, patch management, and threat monitoring.
- Communicate audit results, insights, and remediation expectations to senior leadership; mentor team members and enhance audit methodologies.
Note:It is not possible to list all required job duties on this form. There may be other important duties assigned, depending on the position. For a list of essential job functions, please refer to the essential functions document for this job.
EducationBachelor's in Information Technology or Computer Information Systems
Certifications and LicensesCISA
CISSP
Certified Internal Auditor (CIA)
Years of Experience6-8 years of experience
Core CompetenciesAdaptability
Collaboration
Curiosity
Service-Oriented
Strives For Positive Results
Knowledge, Skills, Abilities and Other (KSAOs)- Strong understanding of IT infrastructure, cloud environments, application security, and risk management practices.
- Strong analytical, problem-solving, and critical thinking abilities.
- Effective communication skills, capable of presenting complex technical findings to executive leadership.
- Ability to build collaborative relationships with IT, Cybersecurity, and business stakeholders while maintaining audit independence.
- Proactive, detail-oriented, and adaptable in a fast-changing technology environment.
- Strong project management skills and the ability to lead audits from planning to reporting.
- Experience auditing IT general controls, cybersecurity frameworks (e.g., NIST, ISO 27001), and large-scale system implementations.
