Are you ready to work with a purpose? At ABB, you can be sure you’re helping to create a better world. The business you’ll secure and the partnerships you’ll build will touch the lives of millions when they lead to sustainable power plants in remote corners of the world or improved safety for workers in auto plants. ABB is seeking a Information Technology (IT) and Information Security Senior Auditor for its Cary, North Carolina location. ABB’s Internal Audit team is building out its competencies in IT and CybersecurityAudit in response to the growing cyberrisks present in the many industries where ABB operates. The Internal Audit function plays a critical role in shaping ABB’s approach to IT and cyberrisks by providing Management with independent and objective assurance over the company’s IT activities. This is accomplished by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes. In your role as Internal Audit Manager – IT and Information Security, you will utilize your experience, intelligence, and ingenuity to provide insightful and value-added audit recommendations to ABB’s IT and Cybersecurity functions.
Typical duties/responsibilities may include, but are not limited to, the following:
• Assist in developing the standards, competencies, and processes of the IT and Information Security Audit function within ABB.
• Assist in the development and analysis of key metrics to identify trends in ABB IT and Information Security.
• Serve as a member of an audit team performing a number of engagements at various ABB locations throughout the year.
• Establish strong relationships with senior ABB IT and Cybersecurity leadership, related controls groups, and business auditors.
• Share knowledge, techniques, and toolsets with colleagues within the team to build Cybersecurity proficiency in the Audit Team.
• Ensure timely preparation of all engagement deliverables, including risk assessments, audit work papers, audit reports, follow-up reports, etc.
• Analyze existing and proposed cybersecurity legislation, regulatory announcements, and industry practices, to determine gaps and impact to the cybersecurity program.
• Bachelor’s degree and minimum 4 years of progressive Information Technology Audit or Information Security Audit experience.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science is preferred.
• Solid and demonstrable comprehension of data protection strategies, network and system vulnerabilities, Security Information and Event Management, malware, emerging threats, attacks, and vulnerability management.
• Working knowledge of various security standards, such as SOC-1/SOC-2, NERC CIP, PCI, ISO 27001/27002, ISA/IEC-62443etc.
• Understanding of various IT/Cybersecurity frameworks, such as COBIT, COSO, NIST CSF, etc.
• Excellent problem-solving, analytical, and written/oral communication skills.
• Outstanding interpersonal and relationship-building skills.
• Native-level fluency in English (verbal and written).
• Ability to travel 70% of the year, for multiple weeks at a time and sometimes with short notice.
• CISA, CISM, CISSP, CEH, or other similar qualifications.
• Ethical or “white hat” hacking and/or “red team” experience.
• Active Project Managementexperience, or knowledge of Project Management methodologies.