Senior Audit Manager - IT Cyber Security

Purpose of Job

We are currently seeking a talented Senior Audit Manager – IT Cyber for our San Antonio, TX facility.

The Senior Audit Manager plans, directs and independently completes highly complex and often cross-functional risk-based assurance and advisory engagements and/or audit quality assessments. Manages strategic initiatives and assists with the development and implementation of a risk-based audit plan. Serves as a business and/or information technology SME, analyzes issues and makes decisions, establishes collaborative client relationships; and proactively works with client management to improve internal controls. Adheres to the Institute of Internal Auditors' Standards and Code of Ethics.

Job Requirements

  • As a subject matter expert, provides recommendations to leadership and guidance to staff members. Promotes the development of effective team relationships and functions in various capacities to ensure the success of team efforts. Approves the scope of the audit. 
  • Updates and ensures the universe risk assessment is current with applicable research and industry feedback.
  • Independently prepares, reviews, and leads special reviews, investigations, monitoring activities, and work for external auditors and/or regulators. Ensures assigned engagements are completed objectively, professionally, and in accordance with corporate and industry audit standards.
  • Executes and leads audit fieldwork on assigned internal audit engagements with limited to no supervision in support of execution of the annual audit plan. Manages engagement-related efforts and assignments of staff with varying degrees of expertise and experience when conducting engagements, specialized audits or highly complex business audits recognizing the cross-matricing and cross-functionality within the specialized functions/business areas.
  • Coaches and mentors others on the use of various business systems, applications, and audit tools.
  • Proactively identifies control weaknesses and opportunities for improvement in the current operating environment and provides recommendations for corrective action. Drafts the related audit issues and audit reports for issuance to respective client leadership and conducts follow-up activities as defined in the observations.
  • Provides input into the creation of the internal audit universe and annual plan. Participates in the development of the strategic annual plan ensuring risks are appropriately identified and rated and assists with the implementation of the annual plan.
  • Builds and enhances client relationship across the organization helping to drive strategic objectives with the business.  Communicates with the business/clients to include delivering difficult messages.  May be asked to communicate with regulators and executive leaders.
  • Influences business and clients across the enterprise in regards to effective internal controls and mitigating risks across the full taxonomy.

Minimum Requirements

  • Bachelor's degree in Accounting, Finance, Information Technology or other relevant field OR four additional years of related experience beyond minimum required may be substituted in lieu of a degree.
  • 8 or more years of audit, financial, insurance, banking, information technology or related business experience.
  • Subject matter expert knowledge in Audit theory with demonstrated experience in one or more of the following areas: regulatory, AML, GSD, compliance, risk, models, IT.
  • Subject matter expert level business acumen in business operations, industry practices, and emerging trends

Preferred

  • 8+ years of experience in large financial services IT/Security internal audit department, or equivalent IT/Security audit experience to include top tier firm (Big 4, Protiviti, etc.)
  • 3+ years experience leading end-to-end engagements as the Auditor-in-Charge (AIC) and/or leadership experience within the information technology or security fields
  • Demonstrated knowledge of internal controls, business and information technology risks (focus on cyber security risks and controls) and/or audit techniques in a large financial services organization
  • Demonstrated knowledge and practical experience of cyber security technologies including firewall, IDS/IPS, DLP, Proxies, anti-malware, CASB, email security, remote access, security baseline, SIEM, PKI, data encryption/tokenization, database security, RACF security, etc.
  • In-depth knowledge of industry frameworks utilized for cyber security (NIST, ISO, etc.)
  • Demonstrated knowledge of the regulatory environment for relevant industry
  • Advanced knowledge of Cyber Security, IT application controls, ITGCs, Mobile, Virtualization, WebSphere as well as IT infrastructure including databases, networks, operating systems
  • Experience with audit engagement support tools including electronic workpapers
  • Exceptional communication and project management skills
  • Preferred designations include CISA (Certified Information Systems Auditor), CISSP (Certified Information Security Systems Professional), or other relevant business designations

The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.

At USAA our employees enjoy one of the best benefits packages in the business, including a flexible business casual or casual dress environment, comprehensive medical, dental and vision plans, along with wellness and wealth building programs. Additionally, our career path planning and continuing education will assist you with your professional goals.

USAA also offers a variety of on-site services and conveniences to help you manage your work and personal life, including seven cafeterias, two company stores and three fitness centers.

Relocation assistance is available for this position.