Cybersecurity Audit Associate
SMBC Group · Charlotte, NC · 2 wk ago
AccountingFull-time
Role Responsibilities
- Conduct regular audits of cybersecurity and technology related areas assessing adherence to firm and regulatory requirements and assessing design, operating effectiveness and sustainability of associated controls.
- Create audit issues and reports that clearly articulate results, conclusions and recommendations for review with senior audit management and auditees.
- Challenge the ongoing coverage of cybersecurity and technology related areas and present ideas for improvement.
- Facilitate risk issue tracking to promote timely remediation.
- Track and validate closure of issues raised by IAD, external auditors, regulators, and self-identified by stakeholders, including recommending additional actions when necessary.
- Work collaboratively with colleagues and auditees to identify risk concerns and agree reasonable solutions.
- Forge strong partnerships with colleagues in other technology and control functions including legal, compliance, data security and risk management to promote front-to-back collaboration across risk assessment and findings remediation.
- Partner with audit colleagues in other business verticals and/or geographies to share best practices and drive greater consistency. Seek out opportunities to engage with stakeholders outside of formal audit periods to drive deeper relationships.
- Stay up-to-date with evolving industry/regulatory changes impacting the business and participate in appropriate control forums.
- Conduct regular Continuous Monitoring activities and auditable entity updates.
- Recognize the confidential nature of IAD communications and access to information; exercise discipline in protecting the confidentiality and security of information in accordance with IAD policies and procedures.
Qualifications and Skills
- Minimum of 3 years of Cybersecurity/audit experience in the banking and/or technology industry.
- Knowledge and experience in various Technology and Cybersecurity domains, e.g., Identity and Access Management, Vulnerability Management, etc.
- Knowledge of cybersecurity related risks (i.e., Governance, Identify, Protect, Detect, Respond, Recover, Supply Chain, and Demand Management).
- Knowledge of industry relevant standards (e.g., NIST, CRI) and related regulatory expectations (e.g., NYS DFS 500, FFIEC).
- Knowledge of audit techniques, risk and internal controls assessment, and workpaper standards. Ability to manage and execute audits, from planning to audit closing.
- Strong strategic thinking skills including the ability to identify and assess technology related risks.
- Excellent communication (both verbal and written), presentation and professional skills including the ability to interact effectively at all levels within the organization.
- Enthusiastic and self-motivated, effective under pressure and willing to take personal responsibility/accountability.
- Bachelor’s Degree in Information Technology, MIS, Finance, or related field. Advanced degree is a plus.
- Working knowledge of Microsoft Office Suite (Outlook, Excel, Word, PowerPoint).