Director, Cybersecurity & IT Audit

The Internal Audit (IA) organization is responsible for delivering high quality objective and independent assurance over the Company’s key business risks to the Audit Committee and Management in a cost effective way and consistent with Professional Standards. Reflecting the Company’s core value of continuous improvement, the function is in the process of moving toward wider coverage of operational risks, exploring more efficient audit approaches and industry best practices where appropriate.

The Director of Cybersecurity & IT Audit will have specific responsibility for defining, assessing and executing the Cybersecurity plan within the IT function in accordance with professional best practices, and will assist the Vice President of IA and the leadership team in driving function-wide transformation programs and the strategic direction for the team. This person will stay closely aligned with IT Security management in order to understand and add value to our business.

What you’ll do

• Develop and execute Cybersecurity and IT audit strategy in alignment with business objectives, based on thorough understanding of our business and risk exposures
• Perform effective Cyber risk assessments, define Cyber risk-based audit programs and manage/lead operational audits to evaluate controls and compliance
• Deliver high quality, efficient and timely audit work in accordance with the Internal Audit charter, IIA standards and professional best practices
• Build relationships with Cyber/IT leaders to help define scoping, planning and execution of work
• Add value to the business through great communication and alignment with IT senior management
• Drive creation of actions to remediate deficiencies and risk mitigation plan with stakeholders
• Liaise and work closely with external auditors and the SOX Team to manage expectations with regard to reliant IT SOX testing activities
• Budget, allocate resources, and manage the Cybersecurity IA team
• Drive department transformation programs which may include implementing risk based auditing approaches, streamlining processes and documentation, implementing data analytics and continuous audit, improving indicators and performance metrics, audit training and team development, enhancing stakeholder and Audit Committee reporting and department budgeting processes.
• Drive the professional development, including benchmarking, training, certification and engagement in Cyber and IT related forums. Stay current with industry trends, threats, and best practices.
• Report to the Vice President of IA

Examples of desirable skills, knowledge and experience

• Minimum 12 years of core IT Security Audit experience
• Deep understanding of IT Security posturing, threat/impact analysis, IT General Controls, core IT processes, controls, platforms and systems
• Excellent knowledge of Cyber audit best practices, tools/techniques and emerging trends
• Advanced proficiency in security frameworks and standards (i.e., NIST, ISO 27001)
• Experience in areas such as IP Protection, DLP, Encryption, Network, Firewall, SEIM, DMZ, Extranet, etc.
• CISSP, CISA, CIA preferred
• Exceptional leadership and management skills; experience in team development and fostering a culture of continuous improvement.
• Effective communicator, relationship builder and a manager of expectations

Compensation

Compensation may be adjusted depending on work location.

• For Colorado-based hires: Estimated annual salary of $205,000 – $251,000.
• For New York City, Washington, and California (excluding Bay Area) based hires: Estimated annual salary of $234,000 – $286,000.
• For Bay Area-based hires: Estimated annual salary of $247,000 – $301,000