CSC (Corporation Service Company)
IT Auditor Risk Manager

London-Remote Available

Monday to Friday 8-5

Candidates for this position must be eligible to work without sponsorship. Time on-site or time zone may be necessary based on business need.

Summary:

The IT Auditor Risk Manager is a highly respected, influential and in-demand role within the business. The position is responsible for supporting the security direction of the business and elevating the company's security posture across multiple jurisdictions. The IT Auditor Risk Manager is expected to support the security strategy of the business within new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems, as well as new technologies and requirements. The IT Auditor Risk Manager is also responsible for leading internal audit efforts and coordinating with audit partners.

The ideal candidate is technical and possesses at least six years of experience in security, compliance, risk management, or audit. The role oversees the business' security requirements and obligations mandated by standards, regulations and regulating bodies such as DORA, the Sarbanes-Oxley Act (SOX), General Data Protection Regulation (GDPR), Federal Financial Institutions Examination Council (FFIEC), and International Organization for Standardization (ISO), AIFMD, PSD2, EBA, ESMA, MAS, CSSF, CIMA, CBI. In tandem with security leadership, the IT Auditor Risk Manager consistently assesses, audits, and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the IT Auditor Risk Manager monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business via effective delegation and empowering cross-matrixed teams. Success will be driven by strong servant leadership principles and guidance which compels teams to action. As a primary point of contact for security risks, you will monitor progress and enforce resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the information security team, the IT Auditor Risk Manager must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.

Some of the things you will be doing:

Build relationships with global teams across Business Operations, Compliance, IT and Legal to manage technology risks and regulatory compliance.
Experience in a leadership role within IT Audit.
Manage and execute delivery of assigned internal, external and jurisdictional audits per published audit plan.
Lead the improvement of security and compliance policies and procedures.
Improve compliance of IT processes and identify opportunities for technology compliance control automation.
Execute end to end compliance initiatives in accordance with the compliance roadmap.
Design high-quality test plans and direct technology control test activities.
Build and maintain controls that map to compliance requirements, provide implementation recommendations and monitor evidence.
Continuously improve the technology control framework in alignment with industry trends.
Contribute to coordination with jurisdictional inspectors and audit partners.
Execute and monitor IT risk assessments.
Keep up to date with external technology and compliance regulations, data privacy and security best practices.
Define and publish quantitative and qualitative technology compliance metrics to assess the success of the security program.
Contribute to oversight of GRC technologies and tools.
Identify strengths and weaknesses in IT technology operations and projects as they relate to privacy, security, business resiliency and regulatory compliance.
Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
Work in tandem with GRC and business leadership to perform ongoing security program assessments and audits and create annual strategic technology and budgetary directives.
Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices and procedures.

What technical skills, experience and qualifications do you need?

At least 6+ years' experience in IT audit, risk management and/or cybersecurity as a practitioner.
Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
Extensive knowledge of global technology laws and regulations, including but not limited to PCI, SOX, FFIEC, ISO, GDPR, AIFMD, PSD2, EBA, ESMA, MAS, CSSF, CIMA, CBI. Additional experience in one or more of the following: ISO 27001 or NIST.
Extensive knowledge and understanding of audit standards and practices, and control frameworks (ISO, NIST, COSO, COBIT, etc.).
Understanding of security concepts and threat categories (such as malware, phishing attacks, Defense-in-Depth, MITRE ATT&CK framework).
Extensive knowledge and understanding of technology policies, standards, and guidelines.
Experience with regulations and regulatory expectations regarding technology in the region of your accountability.
Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
Capacity to understand legacy and progressive technology and security controls along with respective risk. Working knowledge of technologies such as cloud computing, DevOps and application security.
Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.

Additional Qualifications

Prior experience leading internal and/or external audits.
Knowledge of or experience with DORA is required.
Prior experience working with GRC systems and knowledge of best practices in configuration.
Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats.
Successful track record of managing external entities' contracts and relationships, and mitigating risks to business development opportunities.
Highly trustworthy; leads by example.

Education Requirements

Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience.

Certification Requirements

Holds one or more security, audit and risk industry certifications such as: CISSP, CISM, CRISC, CISA, CIA, CIPP, CIPT, CIPM, CERA, CRM, GRCP, or GRCA.