About the position
Vanguard has an exciting opportunity for an IT Engagement Manager on the Global Technology Audit Services Team. Within the organization, Internal Audit & SOX (IAS) is seen as a critical line of defense for the organization. This role will be instrumental in providing assurance and consulting on technology risks and controls across a variety of IT platforms and functions, and security domains (i.e., Governance, Regulations, and Compliance (GRC); computing, cloud, and communications infrastructure; Systems Development Lifecycle (SDLC), change management, application security, data and network security, access controls, threat and vulnerability management, monitoring and logging, incident response, backup and recovery, and physical security). In this role, you will conduct and coordinate dynamic teams leading risk-based audit and consulting engagements to evaluate management's internal controls and influence senior levels of management to take action and improve the control environment. You will collaborate with stakeholder groups across divisions and be instrumental in executing the audit coverage strategy for key risk topics. We look for individuals who can think critically and conceptually, have excellent project management, relationship management, influence, communication, judgement, and decision-making skills.
Responsibilities
- Oversee the delivery of the audit and consulting engagements. Ensure the timely delivery of the highest quality work and value-add recommendations.
- Assess the adequacy of the technology control environment, identify gaps and opportunities for continuous improvement based on relevant knowledge and experience.
- Assist in developing and communicating the objectives of an engagement to audit team, department management and business clients.
- Outline engagement scope, determine level of associated risk and analyze data to determine underlying root causes.
- Challenge established processes and controls to ensure they are adequate to mitigate risk.
- Perform work and analysis on complex technology areas.
- Communicate the status and results of assigned work to various levels of management.
- Influence management to act on recommendations to strengthen the control environment and make process improvements.
- Provide opinion on audit and consulting findings, ratings, and recommendations to management.
- Communicate expectations to team and provide meaningful feedback to help develop team members by identifying and communicating areas for improvement in a timely manner.
- Establish and maintain relationships with technology management across aligned division and risk partners.
- Participate in special projects and perform other duties as assigned.
Requirements
- Minimum of five years related work experience. Audit, risk, or controls experience preferred.
- Undergraduate degree or equivalent combination of training and experience. IT degree or concentration preferred. Graduate degree preferred.
- CIA, CISSP, CISA, CISM, CCSP, CompTIA Security+, SANS GSEC, PMP, or related professional designation preferred.
- Working knowledge and/or experience with one or more aspects of information technology (e.g., application development, cloud, network infrastructure, cybersecurity).
- Working experience with common security risk frameworks (i.e., ISO 27000, NIST, PCI DSS, and CIS Critical Security Controls).
- Ability to work in a complex, dynamic, and fast-paced environment with strong inherent project execution skills.
- Strong interpersonal skills, excellent written and verbal communications, a willingness to assist in areas outside of direct assignments when necessary, and commitment to self-improvement and completion of team objectives.
- Excellent relationship skills and client focused mindset.
Benefits
- Hybrid working model designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection.
