The Internal Audit Group (IAG) delivers independent and objective assurance services that support management in striking the balance between risk and controls, and assists the Board of Directors in fulfilling its governance responsibilities. We perform independent process, financial, compliance, and technology audits, consistent with professional standards. IAG also reviews specific operations or processes at the request of the Audit Committee or Senior Leadership.
The primary objective of the Cybersecurity & IT Process audit team is to perform technology control examinations, which consist of information security, infrastructure, enterprise architecture, application development, DevOps, IT risk management and other technology process controls.
In this role, the IT Audit Senior will assist with risk assessment, execution, and issue resolution processes within technically complex audits of Cybersecurity & IT Process. This role will also have an opportunity to participate in an in-house developed training and development program to give our technology and non-technology auditors more knowledge and "hands on the keyboard experience" with key information security related concepts.
Key performance objectives:
- Participate as a key team member on complex cybersecurity and technology operations/process audit projects
- Assist team leaders and staff auditors in accomplishing team objectives
- Assess inherent risks, evaluate control designs, develop and execute audit tests
- Assess the impact of exceptions and control deficiencies
- Present testing results to various levels of client management
- Assist in the development of cost-justified, value-added management actions
- Effectively handle larger and more challenging workloads on successive assignments
- Produce excellent results in audit projects across multiple business areas and for different team leaders
- Proficient use of automated work papers and other department and company tools
- Ensure effective and efficient execution of audits in conformance with professional and department standards, budgets, and timelines
- Maintain internal audit competency through ongoing professional development
- 2+ years of relevant IT audit, IT consulting, and/or hands-on IT/cybersecurity experience in a Big 4 or financial services environment required
- Strong technology risk and control foundational knowledge is required, including standard IT General Control concepts (e.g. access management, application development, change management, information security).
- Strong desire to deepen technical skills and experience is also required. Subject matter within audit portfolio includes: threat & vulnerability management, IT asset & configuration management, network, server and endpoint security, encryption and data protection, enterprise resilience, cloud computing, DevOps, and third-party security risk management.
- Certified Information Systems Auditor (CISA) or relevant advanced industry certification or agreement to achieve within 12 months of start date required
- One or more relevant advanced industry certification(s) desired (e.g., CISSP, CISA, CEH) or desire to pursue strongly preferred
- Knowledge of relevant regulations and frameworks, including COSO, COBIT, PCI, NIST, ITIL, Cloud Control Framework, FFIEC, GLBA 501(b) desired
- Bachelor's degree required
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.