AVP - Internal Auditor (Cyber Security)
London, Docklands (Hybrid)
£85,000 - £90,000 per annum + annual discretionary bonus
On behalf of a leading financial services organisation, I am seeking an experienced Internal Auditor with a background in a Cyber Security environment. The internal auditor will be primarily focused on leading audits, continuous monitoring, issue validation, and leading on departmental improvement initiatives.
The organisation offers hybrid working with a non-negotiable 2 days a week in their London office, therefore you must be within reasonable commuting distance to London.
Responsibilities:
* Develop and maintain working relationships with peers across the organisation.
* Monitor strategic developments within the business to highlight any unidentified risks or potential control issues.
* Perform continuous monitoring of the business through frequent stakeholder engagement, under the direction of the director, to identify emerging risks and issues and report to audit management.
* Identify areas for improvement within Internal Audit and play a leading role on department improvement initiatives.
* Support and provide input into the Internal Audit risk assessment process to inform the Audit Plan.
* Execution of planning and testing for complex technology, information security audits and high-level reviews, including designing test strategies, audit test papers and drafting of audit findings.
* Validation to confirm management's remediation of audit and regulatory issues.
* Management and tracking of the business's remediation activities.
* Actively contributing to the ongoing improvement of audit practices and methodology.
* Proactively maintain knowledge, skills, and disciplines, with on-going professional development.
* Identify and share useful learning opportunities for other Internal Audit team members.
* Maintain the professional standard of the Internal Audit function and work within its agreed Terms of Reference and IIA standards/guidelines, Charter, and Mandate.
* Demonstrate adaptability to ensure that the audit focus is maintained on key issues, under the guidance of audit senior management.
Experience/Skills required:
* Experience working within Internal Audit in a financial services environment (ideally banking) and audit experience across a range of different information technologies in a financial institution.
* Ability to provide technical subject matter expertise during integrated audits.
* Excellent communication skills, both written and verbal.
* Experience and understanding of regulatory requirements, e.g., FRBNY, FCA.
* Strong IT security and technical knowledge with approximately 8 years of experience within the industry.
* Working experience with common security/technology risk frameworks, for instance, ISO 27000, NIST, CIS Critical Security Controls, COBIT, and IIA GTAGs.
* Working experience with regulatory standards/requirements (US, UK), i.e., GDPR, BCBS 239, FFIEC 101, 3402, CHAP.
* Working experience and/or knowledge of Security domains including Access management, Threat management, Incident response and recovery, Data protection, Vulnerability management, Monitoring and logging, Physical security, and Security risk management and governance.
* Working experience and/or knowledge of cloud, blockchain, and high volume transaction systems.
* Working experience and/or knowledge of application controls, input/output, and configuration.
* Working experience and/or knowledge of data analytics/predictive analytics, data governance.
* Understand policy/directives, and ability to assess risks across all types of IT systems and operations.
* Audit/Project Management Certifications (desirable) - CMIIA (UK), CIA (US), CISA, CGEIT, CISSP, CISM, CompTIA, SANS, ISC2, Prince2, Agile etc.