Internal Audit, Technology Risk and Cyber Security, Vice President, Dallas

As a Technology Risk and Cybersecurity auditor, you will be involved in independently assessing the firm's overall control environment and communicating the results to the firm's local and global management the effectiveness of the firm's controls that mitigate current and emerging risks and monitoring the management's implementation of control measures. In doing so, you are supporting the provision of independent, objective and timely assurance around the firm's internal control structure, and supporting the Audit Committee, the Board of Directors and Risk Committee in fulfilling their oversight responsibilities.

RESPONSIBLITIES

• Performing regular risk assessments for the area of coverage
• Regularly meeting the business/engineering stakeholders and building strong relationships with management
• Continuously monitoring business and technology developments
• Monitoring regulatory requirements and developments, as well as industry standards
• Performing and leading audit work, including defining the scope of risks and controls, assessment of controls design and effectiveness, reviewing audit work and reporting findings to internal and external management
• Validating the closure of management action points
• Managing, coaching and developing the team

• More than 7 years of relevant audit experience
• Possess a degree in Computer Science, Information Security, Engineering or equivalent
• Must be highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly
• Ability to work effectively across a large audit team, understanding the team's role in the overall strategy of the firm
• Must be able to multitask while managing both time and workload
• Written and verbal communication skills a must; strong interpersonal skills essential. Job requires frequent interaction with technology management

Technology audit skills including:

• Deep understanding of Linux and Windows operating systems, experience of batch scripting and executing standard commands
• Internet infrastructure design and installation and support of network devices and firewalls
• Cloud computing concepts, technologies, risks and mitigating controls
• Systems and security administration and configuration of servers and desktops (UNIX, Windows, directory services etc.)
• Security risks related to web, mobile, web services, and client/server architectures
• Encryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architecture
• Vulnerability assessment and penetration testing methodologies and processes for web, thick client and mobile applications
• Experience with Splunk and/or other SIEM platforms would be useful but not required
• Threat modelling, intelligence and incident response
• Management, monitoring and operations of technology (backups, change management, system monitoring, incident/problem Management)
• Business continuity planning and disaster recovery design and implementation
• Security within the software development lifecycle
• Relevant technology standards and regulations - NIST Cyber Security Framework, FFIEC CAT, ISO 27001, GDPR, NYSDFS, data privacy rules, FFIEC IT handbooks etc.
• Experience with Data Analytics tools and techniques
• Relevant certification or industry accreditation (CISA, CISSP, CISM, etc.)