Senior Audit Manager - Cyber Technical, Technology Audit

About the position

Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization's Audit Committee. Audit professionals are experienced, well-trained and credentialed, and operate within a collaborative, agile environment to deliver value-added opinions and recommendations. Audit's vision to provide high value, independent, proactive insights, to innovate with technology, and to be a top-notch talent destination, creates a dynamic and challenging atmosphere for both personal growth and professional opportunity.

Capital One is seeking an energetic, self-motivated Sr. Technology Manager with experience in technology, including resiliency and recovery, cyber and information security analysis interested in becoming part of our Audit team. As a member of the Audit team, the candidate will focus on audits of critical technology functions including cloud-based technology implementations as well as data center operations, application, mainframe or cloud technology controls, and cybersecurity risks.

Responsibilities
• Proactively monitor the technology control environment for changing risks and necessary updates.
• Lead continuous monitoring activities and updates to risk assessments, audit universe, and audit plan.
• Oversee multiple, concurrent Cybersecurity, IT Operations including key third party hosted services, and Cloud audits across assigned portfolios.
• Develop engagement planning documentation and audit programs to ensure adequate coverage of risk and sufficient rationale for audit scope.
• Supervise and coordinate work assignments amongst audit team members.
• Provide timely feedback, on-the-job training, and coaching to audit staff and direct reports.
• Establish and maintain good relationships with key business and audit partners, particularly in third party risk and business continuity risk management.
• Leverage specialized knowledge and skills, providing management with insight into areas of technology, business continuity and third party risk.
• Effectively represent internal audit at management meetings, internal forums, and to external organizations.
• Assess relevance of audit findings, potential exposures, materiality, improving or deteriorating trends, and demonstrate awareness of broader issues.
• Interpret business priorities, anticipate issues and obstacles, and apply to scope of role.
• Deliver appropriate, succinct and organized information, tailoring communication style to audience.
• Effectively review and compile relevant, material findings and recommendations into readable and concise audit reports.
• Communicate complex results and implications, incorporating different perspectives into deliverables.
• Manage timely and high quality delivery of multiple tasks, including audits, projects, special assignments, and administrative activities.
• Self-prioritize and independently complete multiple tasks across the team and department.
• Demonstrate the ability to successfully meet deadlines and identify/escalate impediments in a timely manner.

Requirements
• Bachelor's Degree or military experience
• At least 7 years of experience in information technology (resiliency and change management operations, software delivery, access management, information security, cloud computing)
• At least 4 years of experience in managing audit engagements, project management or a combination
• At least 4 years of experience leading a team to deliver initiatives, collection of work or a combination
• At least 4 years of experience in analyzing data extracts to identify trends, patterns, and anomalies, including experience in test scripting, coding (writing, reviewing, or assessing) or a combination
• At least 4 years of experience in information security (application security, network security, cyber security, data protection)
• At least 4 years of experience in third party hosted technology controls (business continuity & disaster recovery, physical and environmental controls)
• At least 2 years of experience in cloud computing and controls (design, operation, risk management, or auditing)
• At least 2 years of experience in third party risk management and business continuity risk management.
• At least 2 years experience of people management

Nice-to-haves
• 8+ years of experience in information systems auditing, in information systems risk management, in technology operations, or a combination
• Certifications related to or pursuing certification related to Cloud, Cyber or Technology Operations, such as Cloud provider certifications, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM)
• Certifications related to or pursuing certification related to Auditing, such as Certified Internal Auditor (CIA), or Certified Information Systems Auditor (CISA)
• 7+ years of experience with IT control frameworks
• 4+ years of experience auditing cyber or information security
• 4+ years of experience auditing key third party service providers hosting critical enterprise applications
• 4+ years experience in auditing or working in third party risk management and / or business continuity processes.
• 4+ years experience in cloud computing (notably AWS, GCP, Azure) and controls, or 1+ years of conducting audits of controls in cloud-based environments
• 4+ years of experience in risk and data management
• 4+ years of experience performing data analysis in support of internal auditing
• 2+ years of experience auditing emerging technologies

Benefits
• Comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being.
• Performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI).

Apply tot his job