Manager of Audit II-IT/CyberSecurity

About the position

The Audit Manager II (AM II) of Cybersecurity will support the Director IA, CNB Cybersecurity and Risk Management, and Senior Director IA, US Technology in providing independent, objective assurance over the design and operation of CNB's IT risk management practices, governance processes and the system of internal controls. The position will facilitate audit execution relating to Cybersecurity and IT Risk Management. This includes leading and executing audit activities with an IT audit scope where there is an impact to CNB and its subsidiaries / management affiliates. Examples of audit subject matter includes: Cybersecurity operations, Data protection and data privacy, Identity and access management, IT risk management, Security architecture and engineering, Cloud computing, Network security, Vulnerability management, API security, etc. The position will also provide support in responding to external auditors and US regulators (FRBNY, OCC) and to meet the evolving demands of the US regulatory environment and heightened expectations of internal audit. This includes the coordination of IT related regulatory continuous monitoring, coordination of IA responses to US regulatory examinations, and the verification of CNB IT regulatory issues.

Responsibilities

• Executes on the annual Audit Plan for CNB IT Cybersecurity and IT Risk Management audit universe, ensuring that audits conform to local and global regulatory and internal audit requirements.
• Perform vulnerability assessment and understanding penetration testing methodologies and processes for the web, thick client, and mobile applications.
• Implement the execution of the audit plan and ensure effective audit practices for traditional and continuous audits.
• Collaborate with broader Global RBC and CUSO IT teams and departments to achieve the plan (where needed).
• Make recommendations to clients on control deficiencies and follows up to ensure significant deficiencies are corrected.
• Assist business management to develop appropriate action plans to address identified deficiencies, and ensure corrective actions are implemented in a timely manner to effectively address the issues.
• Plan and execute on moderate to complex and confidential/special audit projects enterprise wide as requested by senior management of the Bank.
• Communicate trends in risk and control issues to senior management on the results of ongoing reviews of the businesses that are key relationships, or any other business as requested.
• Provide support for CNB IT and US-wide regulatory requests, responses and meetings.
• Raise the technical knowledge of the group through various courses, seminars and in-house training in the areas of Information Technology for existing and emerging technologies, and related risk management framework, compliance and audit techniques.
• Raise the technical and business knowledge of the group through IT and business auditor cross integration and allocation.
• Identify new opportunities that would result in cross-team collaboration, develop talent for future roles and create a mutually beneficial situation that allows business and IT auditors to cross pollinate experience and knowledge.
• Build, direct, counsel, and instruct staff assigned to an engagement and review audit plan, findings and reports for sufficient scope and for accuracy.

Requirements

• Bachelor's Degree or equivalent
• Minimum 5 years banking / audit experience within Information Technology, with Cybersecurity and Infrastructure audit experience
• Minimum 3 years of business experience in a financial institution or technology company, dealing with multiple business platforms, business processes, geographies, and legal entities
• CISA - Certified Information Systems Auditor
• CISM - Certified Information Security Manager
• CIA - Certified Internal Auditor
• CEH-Certified Ethical Hacker
• CISSP- Certified Information Systems Security Professional

Benefits

• Starting base salary: $101,231 - $172,355 per year
• Exact compensation may vary based on skills, experience, and location
• This job is eligible for bonus and/or commissions