Audit Manager, Emerging Risk & Cyber Security Audit

Purpose

Contributes to the overall success of the Emerging Risk & Cyber Security Audit in ensuring specific individual goals, plans, initiatives are executed / delivered in support of the team's business strategies and objectives. Ensures all activities conducted are in compliance with governing regulations, internal policies and procedures. As an Audit Manager you will participate in the execution of risk-based technology audits, across Cyber Security, Technology Infrastructure, Digital Banking, Cloud, and Architecture, of medium to high complexity to provide opinions on the effectiveness of controls to meet business objectives. In addition, you are expected to be knowledgeable in risks associated with systems development methodologies (Waterfall and Agile), automation and orchestration, IT service delivery, and outsourced IT services.

The incumbent will be required to work as part of a team that assesses the design and operational effectiveness of governance and internal controls relating to digital banking, cloud services, cyber security, data protection and management, outsourcing, technology infrastructure, and project management. Apart from the technical skills noted, the incumbent should be proficient at applying risk-based auditing standards, practices, techniques, processes, internal/external methodologies and regulatory guidelines to the performance and review of audits. The Bank's Internal Audit Department plays a key role in the risk management process of the Bank, as follows:

• Execute risk-based information technology audits of moderate to high complexity and conclude whether risks are appropriately managed through the existence of effective control or other techniques.

• Follow the Audit Standard Guidelines of the Bank and specific application, project and operations audit methodologies.

• Ensure that audit conclusions and recommendations are properly supported by an orderly accumulation and analysis of documented audit evidence, and that the audit report content is clear, concise and supported by the audit work completed.

• Perform accountabilities with some supervision and provide audit management and audit client with regular status updates of the assignment. The incumbent is expected to seek and obtain direction, perspective and resources as required to complete the assigned audit on time and within budget.

• Prepare and discuss audit findings with clients; identifying significant issues in a business context, working with audit clients to identify and recommend feasible solutions.

• Establish and maintain positive relationship management with audit clients.

• Maintain information security competency through ongoing professional development and staying abreast of technical matters in the industry.

• Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge.

• Understand how the Bank's risk appetite and risk culture should be considered in day-to-day activities and decisions.

Skills, Experience & Functional Competencies

• 3-5 years of experience in information technology, information security, cyber security, IT risk, IT audit or a related field.

• Good knowledge of IT processes such as digital banking, cloud engineering and operations, IT and cyber security.

• Excellent written and verbal communication skills.

• Some knowledge and experience with security assessment tools (e.g., exploit tools, vulnerability assessment) would be an added advantage.

• Ability to work independently and as part of a team of professionals.

• Working knowledge of primary Bank business areas (e.g., retail banking) would be an asset.

Education and Other Requirements

• Bachelor's degree in information technology, computer science or equivalent required.

• One or more of the following certifications: CISA, CISM, CRISC, CRMA, CCSP or working towards achieving these.

• Good analytical skills and proficiency with Microsoft Word, Excel, and PowerPoint.