IT & Cybersecurity Audit - Manager
Job DescriptionJob Description
Job Title: IT & Cybersecurity Audit - Manager
Department: Internal Audit Department
Reports To: Internal Audit - IT Audit & Cybersecurity Senior Manager or Director
Location: Corporate Headquarters, Wallingford, CT
Overview
As an integral member of the Internal Audit team, the IT & Cybersecurity Audit Manager will support the company's internal audit functions, including evaluating the effectiveness of the company's IT and Cybersecurity internal controls. This role is crucial in ensuring the integrity, reliability, and security of our IT systems and working directly with our operations to ensure our cyber security posture is designed and operating effectively to prevent cyber-attacks. Additionally, while supporting the overall governance, risk management framework of the company. The ideal candidate will bring a keen analytical mindset, robust technical knowledge, and a proactive attitude to effectively assess IT processes and controls. This is an exciting opportunity to build your skills in IT security, IT Controls, Compliance and Risk Management while contributing to impactful projects in a business setting.
Assist the Senior IT Audit Manager or Director in executing an integrated, value-adding IT audit function via IT General Controls and Cyber Security Controls
Execution of global system-wide risk management function of the information security program to ensure information security risks are identified and monitored. Audit of individual IT audit engagements including operational audit and SOX testing including planning, performing and analyzing audit results using an integrated audit approach which concentrates on high-risk areas, and review of both operational and IT & cyber security controls.
Risk Assessment, including:
o Assist the IT Audit Director to create and perform entity-level risk assessments, Risk Matrix, and
Control Matrix.
o Understand potential risk in processes and cyber security relating to each business unit.
o Develop the IT & Cybersecurity audit plan and act as a thought-partner for the Global Audit
Director in preparing audit strategy for other technology audit areas to collectively form the
annual, risk-based internal audit plan.
Planning of the IT audit, including:
o Schedule IT audits and other projects based on risk assessment, business unit needs and other
priorities.
o Design and follow appropriate risk-based audit procedures and work plans to ensure the
objectives of each audit are achieved.
o Lead the planning, scoping and execution of audit and consulting projects, including guiding
the development of new audit work programs in data privacy and cybersecurity.
Execution of the IT & Cybersecurity audit, including:
o Interact with local IT Management (whether internal and/or co-sourced), Finance team and
Management teams to understand the business.
o Recommend programmatic and technical directions and operate with a high degree of
independence in matters relating to the investigation, impact, and analysis of security
incidents, decisions regarding risk, and measures for compliance.
o Internally assess, evaluate and make recommendations to management regarding the
adequacy of the security controls for the Global Amphenol information and technology
systems.
o Schedule and conduct detailed audits of information technology systems and infrastructures to verify systems are secure and support the related applications or business processes.
o Ensure work paper documentation supports auditing conclusions.
o Audit controls over existing systems and ensuring full compliance with regulatory guidance and internal policies & procedures.
Analyzing and reporting the results, including:
o Prepare and present final audit reports to local and senior management to discuss areas of risk identified, processes weaknesses, areas of risk, recommendation to mitigate that risk.
o Evaluate related action plans and process improvement opportunities with local management.
o Manage the IT audit findings log to ensure Internal Audit follow-up with management and to ensure management action plans are implemented satisfactorily. Escalate discrepancies directly corporate management to determine the reasonableness and appropriateness of remediation plans.
o Review the status of corrective actions taken to improve deficient conditions as generally recommended.
o Conduct advanced penetration and vulnerability tests on a company's system and identify any breaches or weaknesses in the security setup.
o Plan, implement, manage, monitor and upgrade security measures for the protection of the organization's data, systems and networks.
o Troubleshooting problems associated with our security and network, including handling any system breaches.
Qualifications:
Education:
Bachelor's degree in management information systems, Computer Science, IT or related STEM
discipline.
Certification is required - CISA, CISSP, CISM, CICA, CIA, CCSP, CEH, CompTIA Security+, SSCP
Experience:
At least 6 to 8 years of experience in IT Auditing, Cybersecurity, IT security experience and expertise,
often within a public accounting firm or large corporate internal audit or IT department.
Ability to multi-task in a fast-paced, dynamic environment.
Strong analytical skills - ability to analyze and detect trends, issues or flaws; determine root case of
issues; and partner with others to drive solutions.
Excellent communication and report writing skills.
Knowledge of information security risk management frameworks and compliance practices.
Experience responding to, analyzing, and communicating information security incidents.
Excellent interpersonal, communication, and presentation skills, including report writing experience.
Attention to detail, QA skills, the ability to "think forward," adept at problem solving and addressing
issues and complications before they expand.
Experience with and knowledge of hardware and software, networks, data centers, systems and other
related areas related to cyber security.
Conscientiousness and excellent time management skills.
Fluent in Mandarin, Spanish or other European is a plus.
Between 25%-50% travel is required.