About the Role:CBRE's Internal Audit (IA) is an independent, solution-focused business partner that provides insight to protect CBRE's brand and drive positive change. IA provides objective assurance and guidance to help CBRE leaders across our global enterprise identify, communicate and mitigate risk exposure that could threaten our company's ability to achieve strategic objectives. In short-this team helps CBRE reach business and functional goals by identifying opportunities for improvement.
IA is an early adopter of agile auditing and utilizes agile to serve our clients in the most efficient/effective manner possible. The Internal Audit Manager will be an engaged scrum team member who leads audit engagements on CBRE's Enterprise Risks.
This role will have the primary responsibilities of understanding business processes, assessing risks to business objectives, evaluating control effectiveness and delivering insights to stakeholders and senior leadership. The IT Audit Manager will possess operational internal audit experience, an interest in cybersecurity, data analytics, Artificial Intelligence, strong communication skills and advanced critical thinking.
What You'll Do:The Cybersecurity IT Audit Manager will lead audit and project work to evaluate key risks and the adequacy of controls within CBRE's global business units and key business processes. Core responsibilities for this position include, but are not limited to:
- Contributing to the development of an audit approach and testing strategy for assigned audits to ensure key business risks and controls are evaluated.
- Drafting, coordinating and participating in the completion of audit procedures (i.e., user stories).
- Communicating audit findings to the audit team and stakeholders.
- Providing peer reviews of workpaper documentation to ensure the retained documentation supports the audit work performed.
- Completing and delivering projects and related deliverables on time, with exceptional quality and within budget.
- Performing testing verifying the effectiveness of established processes and procedures; confirming audit findings/observations identified through detailed testing.
Having professionalism and maturity to make oral and written presentations to key stakeholders throughout, and at the conclusion of, audit projects by discussing process and control deficiencies and recommending corrective actions and other suggestions to improve operational controls, mitigate risk, improve efficiencies or reduce costs:
- Preparing draft reports for review and ensuring audit comments are agreed, clear, concise and focused on the root cause of the issue and intended outcome
- Working as a global resource and participating in audit assignments in any location, as necessary
- Providing input into department initiatives (e.g., templates, audit manual and methodologies, etc.), as necessary
- Interpreting policies and procedures and applying professional auditing principles and standards to test and evaluate IT and Cybersecurity operations and systems. Designing audit procedures that adequately address risk and compliance with Company standards and relevant regulations.
What You'll Need:To perform this job successfully, an individual will need to perform each crucial duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.
- Bachelor's degree (BS or BA) from a four-year university in Computer Science, Computer Information Systems, Computer Engineering, Management Information Systems, or related field.
- 7+ years of combined professional business and/or experience within an audit environment. Equivalent work experience will be considered.
- Preferred experience with Cybersecurity, Sarbanes Oxley, IT General Controls, COBIT framework and NIST frameworks.
- Additional certifications preferred in Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager, (CISM) or similar.
- Excellent written and verbal communication skills to accurately explain technical solutions. Strong organizational and analytical skills. Ability to provide efficient, timely, reliable and courteous service to audit and business stakeholders. Ability to respond effectively to request and support issues and work collaboratively with business partners.
- Leadership skills to motivate the team to achieve broad operational targets with impacts on own job discipline, multiple job disciplines, and department.
- In-depth knowledge of Microsoft Office products. Examples include Word, Excel, Outlook, etc.
- Extensive organizational skills and an advanced inquisitive mindset.
- Advanced math skills. Ability to calculate complicated figures such as percentages, fractions, and other financial-related calculations.
