U.S. Bank Audit Project Manager - Information Security in Cedar Rapids, Iowa
As a technology Subject Matter Expert (SME), the Audit Project Manager is expected to stay current with emerging risks and appropriate risk management strategies for the technologies in use at the Bank. The Audit Project Manager (APM) is responsible for supervising Senior and Staff Auditors in the completion of audit engagements with minimal supervision from the Audit Manager. The APM is expected to monitor progress of audit engagements against plan and
schedule, assess work performed by the Audit Engagement Team, and provide coaching and on-the-job training for Team members to ensure engagements are completed in conformance with CAS Policies, Standards and Guidelines.
Provide thought leadership, guidance and training in risk management strategies unique to the information systems in use. This includes building a hub of knowledge whereby audit staff, seniors, APMs, audit managers and directors can expand their own knowledge and skills to assess risk and control effectiveness unique to the systems in use. Providing on-the-job training for Audit Staff and Senior Auditors. Trains and mentors Staff and Senior Auditors in related knowledge and skills. Assists Audit Manager with post-audit reviews of Staff and Senior Auditors.
Completing or assisting the Audit Manager in planning audit engagements. Includes identifying and analyzing business processes, key risks and critical controls; determining audit scope; evaluating control design adequacy; and developing audit programs which provide sufficient guidance for testing control performance effectiveness and making evaluations which effectively achieve audit objectives. Identifies potential issues and completes issue documentation as well as assists the Audit Manager with presentation of the issue to the business line.
Supervising Senior and Staff Auditors in the completion of audit engagements. Includes assessing work performed by Senior and Staff Auditors; providing coaching relevant to the scope, accuracy and completeness of work performed; performing reviews to ensure work papers contain relevant facts to support audit scope and conclusions fieldwork to test control design adequacy and operating effectiveness; and, adhere to CAS Policies, Standards and Guidelines. Reviewing documentation of issues ensuring inclusion of root causes and operationally effective and practical recommendations for remediation activities.
Assisting the Audit Manager in the reporting and wrap-up phases of audits. Includes appropriate disposition of issues and drafting audit reports which include reportable issues and finalization of all audit workpapers and issue documents.
Monitoring progress of audit engagements against plan and schedule. Includes making necessary adjustments and promptly completing work paper reviews on a timely basis to ensure all issues are identified and a planned course of action determined prior to report draft issuance.
Bachelor's degree, or equivalent work experience
10 or more years of applicable experience
Bachelor’s degree from an accredited university,(preferably with a major in technology or related field in Accounting, Finance, MIS)
Seven or more years of experience in a combination of systems administration, systems risk assessment, information systems auditing (internal auditing or public accounting)
Professional Certification such as CISSP or other technology (preferably information security) related certification.
The candidate should have unquestionable integrity, objectivity and probing
inquisitiveness with a high tolerance for stress under adversarial conditions.
Special consideration given for Master’s degree(s)
Working knowledge of risks and risk management related to: Network Perimeter Security; Data Loss Prevention; Desktop & Laptop Computer Virus Prevention, Detection & Remediation/Malware Detection & Prevention; Distributed Denial of Services (DDoS) Detection & Prevention; Cryptographic Key Management; Identity & Access Management; Access Federation Administration; and, Information Security Policy & Governance Administration.
Experience with networking and network management technologies (routers, switches, firewalls, intrusion detection systems, encryption management tools, etc).
Working knowledge of information security risks and risk management for midrange client/server technologies (iSeries, UNIX/LINUX, Windows/Active Directory, HP NonStop), mainframe technologies (z/OS, IMS, CICS), and/or Database technologies (Oracle, SQL, DB2).
The candidate should possess analytical skills to analyze a set of data and extract information critical to identifying and communicating the inherent and residual risk to the business line.
The candidate should possess strong verbal skills and should be able to communicate effectively with the audit team as well as the audit client.
The candidate should possess strong documentation skills and should be able to demonstrate proper grammar in their written documentation.
Primary Location: Minnesota-MN-Minneapolis
Shift: 1st - Daytime
Average Hours Per Week: 40
Requisition ID: 190015338
Other Locations: Ohio-OH-Cincinnati, United States
U.S. Bank is an Equal Opportunity Employer committed to creating a diverse workforce.
U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.