Sr. Manager - Information Security Audit
Corporate Audit Services (CAS), the Internal Audit function within Capital One, is a dedicated group of audit professionals focused on delivering top quality assurance services to the organization’s Audit and Risk Committees. The CAS department is considered one of the leading internal audit functions within the financial services industry and is highly regarded within Capital One. CAS professionals are experienced, well-trained and credentialed, and operate within a highly collaborative team environment to deliver value added opinions, recommendations, advice and counsel. In addition, the CAS prides itself on having a dynamic and challenging atmosphere for both personal growth and professional opportunity.
Capital One is seeking an energetic, self-motivated Information Systems (IS) Audit Senior Manager interested in becoming part of our Corporate Audit Services team. The candidate will focus on emerging technologies (e.g., cloud, APIs) and digital capabilities (e.g., mobile), as well as reviews of Technology processes, applications, and core infrastructure. In addition, the Sr. Manager will work closely with members of the IS and operational audit teams as it relates to assessment of emerging technologies and core technology that supports key processes. Each audit enables the candidate to demonstrate business, technical and industry knowledge while assessing business risks, identifying key controls, and performing risk-based testing of technology controls. The candidate will also facilitate knowledge sharing of best practices and industry trends to team members, and contribute to thought leadership activities within the IS Audit team. The candidate will work independently, with guidance from Audit management as needed. Career development and growth opportunities exist through our established training programs within the Corporate Audit Services team, as well as in Technology and business functions. The candidate will be expected to maintain all organizational and professional ethical standards.
- Leads audits or significant components of audits, including core data center infrastructure, application, and project audits, as well as audits of emerging technologies and digital capabilities. Develops engagement planning documentation to communicate rationale for scoping decisions and develops audit programs to ensure adequate coverage of risk.
- Monitors emerging technologies and associated risks. Networks with peers from other organizations to stay in front of emerging risks and trends.
- Designs and executes internal control testing for audits, demonstrating a degree of audit expertise consistent with experience level. Understands the broader context and implications of the various risks affecting the business.
- Supervises and coordinates work assignments amongst audit team members. Provides timely feedback and coaching to audit staff.
- Leverage available data and analytical tools during the planning, fieldwork, and reporting phases of audit delivery.
- Establishes and maintains good auditee relations during engagements. Identifies the expectations of the auditee and takes actions to support the auditee experience.
- For major components of audits, assesses relevancy of audit findings, potential exposures, materiality, improving or deteriorating trends, and demonstrates awareness of big picture issues. Interprets business priorities, anticipates issues and obstacles, and applies to scope of role. Identifies and implements efficiencies in executing test work.
- Manages timely and quality delivery of multiple tasks, including audits, projects, special assignments, and administrative tasks. Self-prioritizes and independently completes multiple tasks across the team and department. Demonstrates the ability to successfully meet deadlines for the audit engagement.
- On audit engagements, facilitates teamwork, coordinates and leverages available resources to complete engagements on time. Builds and utilizes relationships outside immediate Corporate Audit Services team to improve overall quality.
- Effectively communicates audit process scope, protocol, issues, risks and recommendations to clients during kick-off, periodic status updates, and exit meetings
- Bachelors Degree or military experience
- At least 7 years of experience in information systems auditing, at least 7 years of experience in information systems risk management, or a combination
- At least 3 years of experience managing audit engagements
- At least 3 years of people management experience
- Master’s Degree in Accounting or Master’s Degree in Finance or Master’s Degree in Information Systems or Master of Business Administration
- Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) or Certified Public Accountant (CPA)
- 5+ years of working knowledge of Technology control frameworks
- 5+ years of experience in Banking or 5+ years of experience in financial services industry
- 1+ years of experience with data analytics tools in support of internal audit
At this time, Capital One will not sponsor a new applicant for employment authorization for this position.