IT Audit VP - Large Financial Organization

  • Location:

    New York City

  • Sector:

    Financial Services and Banking

  • Contact:

    Steven Budziszewski

  • Published:

    5 months ago

You will be expected to:

  • Assist / Lead the risk assessment, scoping and planning of a review.
  • Assist / Lead in executing the review. Specifically focusing on the following:
      o Design and execute tests to validate identified application system controls, which may require data analysis, code inspection and re-performance of system processes.
      o Analyse the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business-aligned technology groups.
      o Analyse the business and technology processes to evaluate the effectiveness of the relevant technology controls.
      o Validate that system features meet business, technology and regulatory requirements.
      o Validate the quality of internal SOX assessments.
  • Document the results of the test steps executed within the IA automated document project repository.
  • Assist/Lead in the report preparation.
  • Assist/Lead in presenting the scope, progress and results of the review to internal, technology and business stakeholders.

Mandatory Qualifications

  • Possess a degree in Computer Science, Information Security, Engineering or equivalent
  • Technology skills including:
  • Deep understanding of Linux and Windows operating systems, experience of batch scripting and executing standard commands
  • Internet infrastructure design and installation and support of network devices and firewalls
  • Cloud computing concepts, technologies, risks and mitigating controls
  • Systems and security administration and configuration of servers and desktops (UNIX, Windows, directory services etc.)
  • Security risks related to web, mobile, web services, and client/server architectures
  • Encryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architecture
  • Vulnerability assessment and penetration testing methodologies and processes for web, thick client and mobile applications
  • Experience with Splunk and/or other SIEM platforms would be useful but not required
  • Threat modelling, intelligence and incident response
  • Management, monitoring and operations of technology (backups, change management, system monitoring, incident/problem management)
  • Business continuity planning and disaster recovery design and implementation
  • Security within the software development lifecycle
  • Relevant technology standards and regulations – NIST Cyber Security Framework, FFIEC CAT, ISO 27001, GDPR, NYSDFS, data privacy rules, FFIEC IT handbooks etc.
  • Data and log analysis (using SQL and Splunk) and visualisation (using Spotfire, Tableau, QlikView or other) would be useful but not required
  • Relevant certification or industry accreditation (CISA, CISSP, CISM, etc.) useful but not required