Sr. Manager, Audit - Information Security / Cybersecurity
Corporate Audit Services (CAS), the Internal Audit function within Capital One, is a dedicated group of audit professionals focused on delivering top quality assurance services to the organization’s Audit and Risk Committees. The CAS department is considered one of the leading internal audit functions within the financial services industry and is highly regarded within Capital One. CAS professionals are experienced, well-trained and credentialed, and operate within a highly collaborative team environment to deliver value added opinions, recommendations, advice and counsel. In addition, the CAS prides itself on having a dynamic and challenging atmosphere for both personal growth and professional opportunity.
Capital One is seeking an energetic, self-motivated TechnologyAudit Senior Manager interested in becoming part of our Corporate Audit Services team. The candidate will focus on information security and technology activities to identify, assess, control, and manage cyberrisk throughout the company. Areas of focus will include the maturity and sustainment of the overall information security program, emerging technologies (e.g., cloud, APIs), digital capabilities (e.g., mobile), as well as reviews of Technologyprocesses, applications, and core infrastructure. In addition, the Sr. Manager will work closely with members of the Technology and operational audit teams as it relates to assessment of new and evolving threats, as well as emerging and core technologies that support key processes. Each audit enables the candidate to demonstrate business, technical and industry knowledge while assessing business risks, identifying key controls, and performing risk-based testing of technology controls. The candidate will also facilitate knowledge sharing of best practices and industry trends to team members, and contribute to thought leadership activities within the IS Audit team. The candidate will work independently, with guidance from Audit management as needed. Career development and growth opportunities exist through our established training programs within the Corporate Audit Services team, as well as in Technology and business functions. The candidate will be expected to maintain all organizational and professional ethical standards.
Here's what we're looking for in an ideal teammate:
- You believe insight and objectivity are core elements to providing assurance on the effectiveness and efficiency of Capital One’s governance, risk management, and internal control processes.
- You adapt to change, embrace bold ideas, and are intellectually curious. You like to ask questions, test assumptions, and challenge conventional thinking.
- You develop influential relationships based upon shared risk objectives and trust to deliver outstanding business impact and elevate Audit’s value proposition.
- You’re a firm believer that a rich understanding of data, innovation, and technical knowledge will only make you a better Auditor. This will require leveraging the power of data analytics and furthering your technical know-how, so you’ll want to ensure that technology doesn’t scare you off.
- You're a teacher. You have a passion for coaching and investing in the betterment of your team.
- Lastly, you create energy and an environment that make it easy to attract, hire, and retain top talent.
- Leads audits or significant components of audits, including the annual capstone information security program audit, cyberrisk management, technology risk management, core data center infrastructure, application, and project audits, as well as audits of emerging technologies and digital capabilities. Develops engagement planning documentation to communicate rationale for scoping decisions and develops audit programs to ensure adequate coverage of risk.
- Monitors current threats, vulnerabilities, emerging technologies and associated risks. Networks with peers from other organizations to stay in front of emerging risks and trends.
- Designs and executes internal control testing for audits, demonstrating a degree of audit expertise consistent with experience level. Understands the broader context and implications of the various risks affecting the business.
- Supervises and coordinates work assignments amongst audit team members. Provides timely feedback and coaching to audit staff.
- Leverage available data and analytical tools during the planning, fieldwork, and reporting phases of audit delivery.
- Establishes and maintains good auditee relations during engagements. Identifies the expectations of the auditee and takes actions to support the auditee experience.
- Effectively communicates audit process scope, protocol, issues, risks and recommendations to clients during kick-off, periodic status updates, and exit meetings
As one of the “100 Best Companies to Work For,” you can look forward to coming to work every day with a team of people that are committed to excellence and doing the right thing.
- Bachelors Degree or military experience
- At least 7 years of experience in information systems auditing, at least 7 years of experience in information security / cyber / technology, at least 7 years of experience in risk management, or a combination.
- At least 3 years of experience managing audit engagements.
- At least 3 years of people management experience
- Master’s Degree in Accounting or Master’s Degree in Finance or Master’s Degree in Information Systems or Master of Business Administration
- Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA), or Certified Internal Auditor (CIA) or Certified Public Accountant (CPA)
- 5+ years of working knowledge of Technology control frameworks
- 5+ years of experience in Banking or 5+ years of experience in financial services industry
- 1+ years of experience with data analytics tools in support of internal audit
Job ID R44754