U.S. Bank Audit Project Manager - Information Technology in Albany, New York
As a technology Subject Matter Expert (SME), the APM is expected to stay current with emerging risks and appropriate risk management strategies for the technologies in use at the Bank. The Audit Project Manager (APM) is responsible for supervising Senior and Staff Auditors in the completion of audit engagements with minimal supervision from the Audit Manager. The APM is expected to monitor progress of audit engagements against plan and schedule, assess work performed by the Audit Engagement Team, and provide coaching and on-the-job training for Team members to ensure engagements are completed in conformance with CAS Policies, Standards and Guidelines.
Provide thought leadership, guidance and training in risk management strategies unique to the information systems in use. This includes building a hub of knowledge whereby audit staff, seniors, APMs, audit managers and directors can expand their own knowledge and skills to assess risk and control effectiveness unique to the systems in use. Providing on-the-job training for Audit Staff and Senior Auditors. Trains and mentors Staff and Senior Auditors in related knowledge and skills. Assists Audit Manager with post-audit reviews of Staff and Senior Auditors.
Completing or assisting the Audit Manager in planning audit engagements. Includes identifying and analyzing business processes, key risks and critical controls; determining audit scope; evaluating control design adequacy; and developing audit programs which provide sufficient guidance for testing control performance effectiveness and making evaluations which effectively achieve audit objectives. Identifies potential issues and completes issue documentation as well as assists the Audit Manager with presentation of the issue to the business line.
Supervising Senior and Staff Auditors in the completion of audit engagements. Includes assessing work performed by Senior and Staff Auditors; providing coaching relevant to the scope, accuracy and completeness of work performed; performing reviews to ensure work papers contain relevant facts to support audit scope and conclusions fieldwork to test control design adequacy and operating effectiveness; and, adhere to CAS Policies, Standards and Guidelines. Reviewing documentation of issues ensuring inclusion of root causes and operationally effective and practical recommendations for remediation activities.
Assisting the Audit Manager in the reporting and wrap-up phases of audits. Includes appropriate disposition of issues and drafting audit reports which include reportable issues and finalization of all audit workpapers and issue documents.
Monitoring progress of audit engagements against plan and schedule. Includes making necessary adjustments and promptly completing work paper reviews on a timely basis to ensure all issues are identified and a planned course of action determined prior to report draft issuance.
Performing other duties as requested by CAS management.
Bachelor's degree, or equivalent work experience
Seven years of experience in an applicable risk management environment
Applicable professional certifications
Bachelor’s degree from an accredited university,(preferably with a major in technology or related field in Accounting, Finance, MIS) or equivalent work experience.
Experience in a combination of systems administration, systems risk assessment, information systems auditing (internal auditing or public accounting)
Professional Certification such as CISSP or other technology (preferably information security) related certification. Note: Experience can be accepted in lieu of certification/advanced degree when hiring individuals without a professional certification at the Audit Senior or higher levels. CAS requires all professional staff members at the Audit Senior and above levels to obtain a professional certification or advanced degree that is applicable to the work performed by CAS
The candidate should have unquestionable integrity, objectivity and probing inquisitiveness with a high tolerance for stress under adversarial conditions.
Special consideration given for Master’s degree(s)
Working knowledge of risks and risk management related to: Network Perimeter Security; Data Loss Prevention; Desktop & Laptop Computer Virus Prevention, Detection & Remediation/Malware Detection & Prevention; Distributed Denial of Services (DDoS) Detection & Prevention; Cryptographic Key Management; Identity & Access Management; Access Federation Administration; and, Information Security Policy & Governance Administration
Experience with networking and network management technologies (routers, switches, firewalls, intrusion detection systems, encryption management tools, etc).
Working knowledge of information security risks and risk management for midrange client/server technologies (iSeries, UNIX/LINUX, Windows/Active Directory, HP NonStop), mainframe technologies (z/OS, IMS, CICS), and/or Database technologies (Oracle, SQL, DB2)
Strong analytical skills to analyze a set of data and extract information critical to identifying and communicating the inherent and residual risk to the business line
The candidate should possess strong documentation skills and should be able to demonstrate proper grammar in their written documentation
Strong verbal skills and the ability to communicate effectively with the audit team as well as the audit client
Organized and detailed oriented to ensure all assigned tasks are completed in an efficient and effective manner
The candidate should be able to work independently and complete tasks assigned within the assigned timeframes as well as work in a team environment and assist other team members as necessary often managing multiple tasks simultaneously
Primary Location: Minnesota-MN-Minneapolis
Shift: 1st - Daytime
Average Hours Per Week: 40
Requisition ID: 180017873
Other Locations: United States
U.S. Bank is an Equal Opportunity Employer committed to creating a diverse workforce.
U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.