DescriptionJob overview and responsibilitiesThe Managing Director, IT Audit & Cybersecurity leads the enterprise Digital Technology and Cyber assurance function, serving as a strategic partner and trusted advisor to senior leadership. This role ensures that the organization's most critical technology and cyber risks are proactively identified, assessed, and mitigated, while enabling the business to make informed, risk-based decisions.
Reporting to the Vice President and Chief Risk Officer, this leader is responsible for defining and executing a comprehensive, risk-based assurance strategy-an enterprise-wide approach that continuously identifies, prioritizes, and validates controls over the organization's most significant cyber and digital risks. This strategy integrates activities across all lines of defense and delivers clear, actionable insights to executive leadership and the Board.
- Define and lead the enterprise-wide IT and Cyber Internal Audit strategy - Define and execute an enterprise-wide, risk-based assurance strategy aligned to business priorities and transformation initiatives. Provide forward-looking insights on emerging risks, including cloud and digital transformation.
- The strategic focus areas:
- Enterprise technology and cyber risk strategy
- Governance and regulatory alignment
- Cybersecurity risk mitigation and resilience
- Cloud transformation and digital innovation
- Engagement with engineering, cybersecurity, and architecture teams
- Governance and regulatory alignment
- Provide end-to-end accountability for the quality and execution of all IT and Cyber audit activities - Ensuring alignment with internal audit standards (IPPF), regulatory expectations, and coverage of key risk areas including SOX ITGC, PCI DSS, NIST CSF, ISO 27001, cyber resiliency (disaster recovery and business continuity), and emerging threats such as ransomware and third-party/supply chain risk
- Governance and regulatory alignment
- Serve as a trusted advisor to executive leadership, the Chief Audit Officer, and the Audit Committee/Board:
- Serve as a trusted advisor to executive leadership on technology and cybersecurity risk, control effectiveness, and emerging threats.
- Present audit outcomes, enterprise technology risk insights, and emerging threats to executive leadership and the Audit Committee
- Provide proactive risk advisory on major technology initiatives
- Lead develop, and scale a high-performing, team of audit professionals responsible for Digital Technology and Cyber audit programs:
- Elevate team capabilities to deliver insight-driven assurance
- Drive transformation of audit capabilities through innovation:
- Embedding advanced data analytics, automation, and continuous auditing techniques to enhance assurance, increase coverage, and deliver real-time risk insights.
QualificationsWhat's needed to succeed (Minimum Qualifications):- Bachelor's degree or related experience in Information Systems, Business, Accounting, Finance, or related field
- CISA or comparable certification
- 12+ years of IT Audit or Cyber experience
- Leadership experience at senior level
- Deep IT audit and control knowledge
- Strong business acumen and executive presence
- Extensive knowledge of IT audit and internal audit standards (IPPF)
- Strong understanding of cybersecurity frameworks (SOX ITGC, PCI DSS, NIST CSF, ISO 27001, COBIT)
- Ability to assess complex technology and cyber risks and translate them into business impact.
- Strong leadership skills with experience managing leaders of leaders.
- Demonstrated ability to influence executive leadership and drive cross functional alignment.
- Effective communication skills, both written and verbal
- Experience applying data analytics in audit or risk environments
- Must be legally authorized to work in the United States for any employer without sponsorship
- Successful completion of interview required to meet job qualification
- Reliable, punctual attendance is an essential function of the position
What will help you propel from the pack (Preferred Qualifications):- CISSP, CISM, CPA, CIA, or CFE
- Transportation or regulated industry experience
- Experience with analytics tools
- Experience with data analytics tools (SQL, Tableau, ACL, SAS, etc.)
- Knowledge of emerging technologies (cloud, AI, digital platforms)
- Experience in the transportation or aviation industry
- Experience driving audit transformation or implementing advanced analytics
