Cybersecurity Control

CONTRACTOR - IT & Cybersecurity Control Testing Auditor (Senior)
-
(25000MT8)

Missions

The candidate will report to an experienced testing manger and will be responsible for leading reviews as part of the Annual Control Plan focused speficically on Information Technology, Infosec and Cyber risks. The candidate will be responsible to:

· Conduct business process and control walkthroughs and gather information to understand the context, risks and intended control operation to be tested.

· Scope, plan and execute technology and compliance control audits with the following focus areas:

• Design and execute tests to validate application system controls, which may require data analysis, code inspection and re-performance of system processes.
• Analyse the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business-aligned technology groups.
• Analyse the business and technology processes to evaluate the effectiveness of the relevant technology controls.
• Validate that system features meet business, technology and regulatory requirements.

· Identify issues through testing, ensuring that appropriate action plans are being developed by the business to correct the deficiencies noted.

· Discuss results and findings with relevant stakeholders including the business or function being tested.

· Document review work and develop final testing reports to document and formally communicate testing results to stakeholders.

· Validate that the business has completed the agreed upon action plans by the due date.

· Maintain regular engagement and provide feedback to key stakeholders within Compliance, Risk and Business units.

· Assist the audit manager with development of the annual risk based Testing Plan.

Profile

LANGUAGE:

Ability to communicate in English, both orally and in writing, is a requirement as the person in this position will need to collaborate regularly with colleagues and partners in the United States.

Competencies:

· Understand and apply Audit methodology and various techniques to perform controls based audits.

· Apply knowledge and experience in auditing general and application controls across a variety of technologies and platform using IS industry standards and best practices

· Apply a broad and comprehensive understanding of high-risk IS/cyber areas including identity and access management, data protection, encryption, firewall security, instruction detection and prevention systems and insider threat.

· Audit non-technical areas including IT governance, project management and systems development.

· Audit experience covering cloud-based infrastructure is a plus, but not required

· Synthesize data and observations into findings and effectively present and communicate conclusions in writing and orally.

· Analyze complex sets of data using Excel, Access, VBA and other advanced scripting and analytical tools that help operate and visualize data.

· Undsertand Investment Banking and Broker Dealer related risks and regulations

· Apply strong analytical, problem-solving and organizational skills, handle multiple, simultaneous, and various ad-hoc requests.

· Exercise strong attention to detail; ability to work independently; prioritize and work in a dynamic, deadline-focused environment.

· Work collaboratively within a complex organization, across multiple cultures, geographies and disciplines; strong interpersonal and written/verbal communication skills.

Technical Skills & Knowledge:

· Experience and application of industry standard technology frameworks and regulations such as NIST, FFIEC, ISO, GDPR, NYSDFS, FISMA etc.

· Experience with various data analytics and data management tools

o Scripting tools: Python, VBA

o Relational data tools: T-SQL, PL/SQL

o Data Visualization tools: PowerBI, Microstrategy, Spotfire

· Expertise with Microsoft Word, Excel, and PowerPoint

· Excellent writing skills

· Securities licenses a plus

Prior work experience:

· 7-11 years of working experience within the Financial Services industry or equivalent environment

· 3-5 years performing audits of systems, physical, logical, or cyber security in a technical environment using generally accepted auditing standards consistent with internal control frameworks.

· General knowledge of applicable regulatory requirements and expectations related to investment banking and broker–dealer activities.

· AML experience a plus.