As a dedicated Director, Audit - IT Security, you will manage the planning, execution and oversight of the consolidated annual audit plan including risk-based assurance and advisory engagements driving quality of technology and information/cybersecurity audit work. Maintain knowledge of large financial services regulations (e.g., Office of the Comptroller of Currency’s Heightened Standards and Federal Reserve Board’s Large Financial Institution Rating System) and effectively respond and interact with regulators. This role manages strategic initiatives and leads in the development and implementation of the risk-based audit plan for technology and information/cybersecurity. Provides independent oversight and thought leadership for audit disciplines ensuring that audit plans, frameworks, standards, and processes provide appropriate risk coverage. Adheres to the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing (Standards) and Code of Ethics and ensures fiscally responsible expense management.
We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: San Antonio, TX; Plano, TX, or Charlotte, NC. Relocation assistance is available for this position.
What you'll do:
Accountable for timely delivery and quality execution of Information Technology (IT)/Information Security (IS) audit plan/reports, issue validation, driving continuous monitoring activities, and ensuring appropriate risks are covered for assigned areas of responsibility based on knowledge, skills, and expertise, which include IT general controls, technology infrastructure management and platforms (e.g., mainframe, midrange, distributed), and network architecture and security (e.g., network segmentation, firewalls, proxies, encryption protocols, endpoint protection).
Manages strategic technology and information/cybersecurity initiatives for emerging technology and leads in the development and implementation of a risk-based technology and information/cybersecurity audit plan. Reviews audit universe for completeness for area of responsibility.
Accountable for quality and providing IT/IS technical engagement oversight for multiple engagements, and approval of engagement risk assessment and audit scope.
Develops and maintains effective working relationships with key IT/IS stakeholders across the enterprise to ensure audit objectives are effectively met and contribute to the overall mission of USAA. Communicates effectively with key stakeholders across the enterprise and external regulators to ensure audit objectives are effectively met and contribute to the overall mission of USAA and risk-based and difficult messages are delivered timely.
Oversees the preparation of key reports and communications and may present to governance committees, senior leaders, regulatory bodies, and the USAA Board of Directors.
Provides effective challenge and approval of audit engagement scoping, planning, fieldwork, and reporting. Provides insight in reviewing technology-focused audit issues and identified root cause. Recognizes and communicates impact of related technology and information/cybersecurity issues, MRIAs, MRAs and Enterprise issues on audit engagements and risk profile.
Responsible for reviewing results of the annual risk assessment and providing input into the creation of the technology and information/cybersecurity risk profile. Effectively challenges business management to adopt appropriate policies and procedures and effective controls designed to mitigate risks.
Updates universe risk assessment information with current and applicable research, industry feedback and audit results. Shares perspectives including best practices, audit standards, regulatory requirements with team and stakeholders.
Responsible for providing oversight of issue severity and impact to business processes and the control environment. Escalates broad and systemic themes to Audit and business leaders.
Builds and oversees a team of employees for assigned functional area through ongoing execution of recruiting, development, retention, coaching and support, performance management, and managerial activities.
What you have:
Bachelor’s degree: four additional years of related experience beyond minimum required may be substituted in lieu of a degree.
8 years of experience in an Audit functional area responsible for developing or managing audit plans, aligning business risks to the audit plan, and ensuring business risks are covered from an audit perspective.
3 years of direct team lead or management experience leading and directing work with both internal and external partners in a highly collaborative environment.
5 years audit experience in the technology or information security areas with proven progressive and expanded responsibility.
Experience performing internal audits, external audits, or applying audit, risk, or compliance acumen in a complex operational and regulatory environment.
Experience directly leading or managing work of both internal and external partners.
Broad and comprehensive experience in Audit theory, internal audit principles with demonstrated experience in audit examining, analyzing, assessing, and drawing conclusions from audit work.
Demonstrated experience effectively communicating and challenging Controls with business partners and influencing business outcomes.
Demonstrated critical thinking and knowledge of data analysis tools and techniques and decision-making abilities.
Demonstrated experience in highly dynamic environment and ability to deal with competing priorities.
Specific industry frameworks and standards knowledge required includes COBIT, NIST 800-53, NIST CSF, CRI Profile, OWASP, STIGs, CIS Benchmarks, ISO 27001/2, SOC 2, PCI DSS, ITIL, and FFIEC booklets (e.g., information security, business continuity, etc.).
Experience with compliance requirements including GDPR, GLBA, and CCPA.
What sets you apart:
Experience executing Information Technology (IT)/Information Security (IS) audit plan/reports.
Expertise in IT general controls, network architecture and security (e.g., network segmentation, firewalls, proxies, encryption protocols, endpoint protection), and technology infrastructure management and platforms (e.g., mainframe, midrange, distributed).
Internal audit experience working in a large financial institution.
The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.
What we offer:
Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location. The salary range for this position is: $138,230 - $264,200. Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors.
Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals.
For more details on our outstanding benefits, please visit our benefits page on USAAjobs.com.
Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting.
USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Mazars
Michael page
USAA
Robert Walters
Capita