Manager I/ IT & IS Assurance
Popular
- San Juan, PR
- Permanent
- Full-time
- Develop and execute 2LOD validation program strategy for Cyber and IT-related controls following recommendations. Establishing the 2LOD Control Assurance function includes:
  - Selection of tools for control evaluation and documentation
  - Development of policies, procedures, methodology, and communication strategy
  - Testing program, test planning, control selection
  - Establishment of reporting metrics and escalation process
- Prepare the annual review plan for IT and Cybersecurity controls considering the results of the 2nd Line of Defense Risk and Control Self Assessments (RCSA), applicable laws and regulations, industry best practices, emerging risks, etc.
- Oversee the planning and execution of tests to ensure compliance with laws, regulations, or industry standards and evaluate the effectiveness and efficiency of IT and Cybersecurity systems and processes.
- Coordinate the tests to be performed with the Division Managers.
- Communicate findings from testing engagements to Managers, Division Managers, and Group Managers and recommend enhancements or changes based on test results. Prepare clear, concise, and well-supported reports that communicate findings and recommendations in a manner that influences management to take corrective action.
- As appropriate, present results and status of testing engagements to Management Committees.
- Monitor action plan completion for recommendations resulting from the reviews.
- Communicate the results of the testing engagements to internal and external stakeholders.
- Administrative functions – team management, training, and mentoring team members, budget, updates of policies and procedures, etc.
Certifications in Cyber or IT Audits (CISSP, CISA, etc.) required (or working towards a related certification within a specific period of time)

Experience
- At least 5+ years of experience overseeing control testing within internal or external auditing of information technology, cybersecurity, IT risk management, IT SOX, or general hands-on IT or cyber experience (cyber operations, networking, programming, infrastructure, database); preferably supporting financial institutions.
- Minimum of 3 years of experience in supervising and leading teams, providing direction and guidance on IT assurance projects.
- In-depth understanding of cyber controls, and IT controls related to: IT infrastructure, network security, database management, and system development life cycle.
- Expertise in conducting risk assessments, vulnerability assessments, and control evaluations.
- Excellent analytical, problem-solving, and decision-making skills.
- Outstanding communication and interpersonal skills to effectively engage with stakeholders at all levels.
- Ability to work independently, manage multiple priorities, and meet deadlines in a fast-paced environment.
- Comprehensive understanding of internal control environments within the IT function. Understanding information security standards, best practices for securing computer systems, and applicable laws and regulations.
- Knowledge of internal auditing, controls, risk management, and finance and accounting practices and methods.
- Experience with multiple technology domains, including aspects of Windows / Office 365, web and/or database management, software development, networking, and automation.
- Working knowledge of MS Office: Word, Excel, PowerPoint, ACL or Arbutus, and Database Querying (SQL). Excellent people skills to develop and maintain good relationships with stakeholders.
- Ability to work under pressure to meet deadlines.
- Excellent organizational skills to manage multiple tasks and comply with established deadlines.
- Excellent leadership and teamwork skills.