Senior Audit Manager - Cyber/Information Security
The Senior Audit Manager works with the CIS Audit Director to help drive the strategic direction of Citi's global cyber and information security internal auditing program, which is to be consistent and aligned with Citigroup and Citibank business objectives.
This role is specifically responsible for helping to lead the management of risk assessment and audit delivery for global Cyber and Information Security audits at Citi and includes audits of identity and access management; data protection; security incident response; authentication services; insider threats; vulnerability and threat management; and network perimeter defenses. CoB Governance and Operations, Operational Resiliency, Crisis Management, and the Risk Governance Framework Programs.
- Works with the CIS Audit Director to execute the strategic direction of Citi's global CIS internal auditing program, which is to be consistent and aligned with Citigroup and Citibank business objectives.
- Uses excellent communication, leadership and strong management skills to influence a wide range of internal audiences including respective product, function, or regional executive management partners and external audiences including regulators and external auditors.
- Frequently engages in both internal and external negotiations, which will have a major impact on the function, and possibly on the organization as a whole.
- Responsible for the delivery of high quality, value-added, multiple concurrent CIS audits that are complete, insightful, timely, concise, cost effective, and are in accordance with IA standards, Citi policies, and local regulations.
- Ensures timely delivery of comprehensive regulatory and internal audit issue validation, and where determined appropriate, issue validation on other remediation actions, including issues arising from the external auditors, consultants and other parties.
- Contributes towards the delivery of high impact reports of IA's contributions to executive management, regulators, and Citigroup and Citibank boards' sub-committees, developing trend analyses and thematic reporting.
- Manages a team of professionals. Recruits staff, develops talent, builds effective teams, and manages within a budget. Grooms internal talent and assists in attracting external talent with required expertise to meet the risk profile of the business.
- Possesses comprehensive experience in auditing general and application controls across a variety of technologies and platforms using CIS industry best practices and standards, including the FFIEC Cyber Assessment Tool (CAT) and the NIST Cybersecurity and Risk Management Frameworks.
- Develops approaches to promote knowledge sharing and promulgate management best practices across the CIS Internal Audit team.
- Ensures the CIS internal audit team meets/exceeds the requirements and expectations of Citibank's and Citigroup's regulators.
- Works closely and collegially within IA and with line management and control functions to ensure efficient and effective provision of independent audit assurance.
- Possesses strong project management and interpersonal skills, makes sound decisions, exhibiting initiative and intuitive thinking, political astuteness, and sensitivity to cultural diversity.
- BA/BS or equivalent. Related certifications (CISSP, CISA, CISM, CPA/CITP or similar) are desired.
- Demonstrated senior manager level experience in designing and delivering CIS audit programs to large businesses or governmental entities.
- Specific subject matter expertise in auditing CIS controls across a variety of technologies and platforms and demonstrated experience in auditing using the FFIEC Cyber Assessment Tool (CAT) and the NIST Cybersecurity and Risk Management Frameworks.
- Demonstrated experience in delivering high quality, value-added CIS audits that are complete, insightful, timely, concise, cost effective, and are in accordance with IA standards, laws, and local regulations.
- Demonstrated experience in executing a CIS audit strategy that reflects the organization's risk profile, regulatory/legal requirements, current threat trends, and CIS industry best practices.
- Knowledge and experience in developing and executing CIS risk assessments that align to organization strategies and business objectives.
- Demonstrated experience in managing a team of professionals.
- Effective negotiation skills, a proactive and 'no surprises' approach in communicating issues and strength in sustaining independent views.
- Articulate and effective communicator, both orally and in writing, with an energetic, charismatic and approachable style, well-developed listening skills, and a strong ability to engage a variety of stakeholders, including senior officials, security professionals, regulators, and business executives, on a variety of technical audit matters that is audience-appropriate, risk-based, and actionable.
Grade :All Job Level - All Job FunctionsAll Job Level - All Job Functions - HU
Time Type :
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity CLICK HERE .
To view the "EEO is the Law" poster CLICK HERE . To view the EEO is the Law Supplement CLICK HERE .
To view the EEO Policy Statement CLICK HERE .
To view the Pay Transparency Posting CLICK HERE .