IT Audit Manager, Security and Privacy
The IT Audit Services (ITAS) team is seen as a critical line of defense for the organization. ITAS is comprised of hard-working, highly motivated, and technically skilled professionals who consistently deliver high-quality work in a dynamic environment. The team also promotes a flexible and well-balanced work environment. IT Audit Managers oversee all phases of the audit, oversee the development of a team of direct reports, and will impact the future shape of the organization. Individuals in this role demonstrate and drive professional curiosity, have a continuous improvement mindset, possess the desire/aptitude to rapidly learn new skills and exemplify the highest degree of trust and integrity.
This candidate would work within ITAS’ Security and Privacy work stream. This work stream executes projects and audits within the domains of: Security Policy, Security Governance, Access and Authentication Management, Threat and Vulnerability Management, Security Threat Intelligence, Security Response Management, and Application Security Architecture. Recent experience as a security practitioner is required. Further, strong IT Security knowledge (application security architecture, network security, IT infrastructure, data security administration, database security), as well as familiarity with common security risk frameworks, for instance, ISO 27000, NIST, and CIS Critical Security Controls, is a plus. Professional certification (e.g., CISSP, CISM, CompTIA, SANS, ISC2, etc.) is a plus.
Primary Duties and Responsibilities:
- Manage and oversee projects and audits within the domains of: Security Policy, Security Governance, Access and Authentication Management, Threat and Vulnerability Management, Security Threat Intelligence, Security Response Management, and Application Security Architecture.
- Stay abreast of current and emerging security risks that could impact the Company.
- Manages staff. Provides guidance, training and motivation as necessary to develop staff. Hires, evaluates and counsels personnel. Follows corporate disciplinary procedures per established Vanguard standards as required. Sets performance standards, reviews performance, provides feedback, recommends wage increases in accordance with all applicable Human Resources policies and procedures.
- Manages audit projects including managing their individual time; scheduling and assigning work and monitoring the progress of audit fieldwork; proposing modifications to current procedures to improve audit effectiveness and efficiency; and continuing to learn the economics of the business. Prepares and delivers presentations to engagement team members, client management and executive senior management.
- Oversees and holds ultimate responsibility for developing and communicating the objectives of an audit and of other planned services to team members and clients.
- Promotes, builds and maintains a constructive relationship with Internal Audit’s customers and stakeholders. Maintains knowledge of significant Vanguard IT initiatives.
- Performs prompt and adequate audits, investigations and consulting services. Reviews audit project plans, work papers and audit reports, including discussing issues with management, and ensuring adequate quality control is in operation. Follows up on replies to reports, reviews replies and posts audit reviews. Handles operations, including time management, performance reporting, scheduling staff resources and weekly reporting to Internal Audit Manager.
- Recruits, trains and develops staff to ensure that an efficient and high standard of computer auditing is maintained. Provides assessment of staff, senior and lead auditors.
- Educates staff, senior and lead auditors in audit methodology and understanding IT process and controls.
- Participates in special projects and performs other duties as assigned.
The Ideal Candidate Should Possess:
- Bachelor’s Degree in Computer Science, MIS, Engineering, Information Security, or a related discipline with solid academic credentials.
- Minimum of 9-12 years of experience.
- Minimum of 4-5 years of people leadership experience.
- Strong IT Security knowledge (application security architecture, network security, IT infrastructure, data security administration, database security). Working experience and/or knowledge of web and mobile technology.
- Working experience with common security risk frameworks, for instance, ISO 27000, NIST, and CIS Critical Security Controls.
- Demonstrated ability to work in a complex, dynamic, and fast-paced environment with strong inherent project execution skills, including: prioritizing tasks, balancing workload between multiple projects, anticipating next steps, adapting to changing situations and project scope.
- Strong conceptual thinking aptitude.
- Strong interpersonal skills, including: written and verbal communications, willingness to assist in areas outside of direct assignments when necessary, and commitment to self-improvement and completion of team objectives.
- Professional certification (e.g., CISSP, CISM, CompTIA, SANS, ISC2, etc.) is a plus.
- Experience with a global environment and financial services is also a plus.
- Exposure to consulting, internal audit, compliance or other internal control functions is a plus.
- Ability to travel up to 10% annually, including domestic and limited international travel. Typical travel in this role is 0 to 5% annually.
Vanguard does not provide sponsorship for this position.