Internal Audit Manager - IT

Silicon Valley Bank
in Tempe, AZ, United States
Permanent, Full time
Internal Audit Manager - IT
The Internal Audit function provides the Bank with objective and independent assurance services. We work to support the Bank in its mission and help it achieve its objectives through proactive risk management. We have an exciting opportunity in our IT Audit group for an IT Audit Manager. This individual will be an integral part of our audit team, assisting with identifying information technology risks and executing IT audits.

The IT Audit Manager should demonstrate an advanced understanding of IT, IT risk management, information security, IT architecture, and IT process areas. This individual will be responsible for leading and managing moderate to complex IT operational audits, including performing risk assessments, developing audit scope and audit programs, executing audit programs, working independently, and supervising staff as required. The IT Audit Manager is responsible for evaluating risks and controls for IT infrastructure, cyber security, and related IT processes. This evaluation will be accomplished by conducting internal audits, including formal written reports that communicate observations, risks, recommendations, and conclusions. Responsibilities include the assessment and review of infrastructure, security, processes and technologies, and IT operations.

This role would be the best fit for a highly skilled individual with significant IT audit and/or information security experience at a Big 4 or reputable security consulting firm. If you have the right qualifications, have a passion for technology, are deeply technical, can perform well with limited supervision, and can build effective relationships across the organization, we would like to meet you.

Core Responsibilities Include:

The IT Audit Manager is responsible for planning and executing the Internal Audit department's IT operational audits and supporting the IT audit practice, including:

  • Scoping, planning, and executing IT operational audits with an emphasis on information/cyber security as well as other IT process areas

  • Staying apprised of, engaged with, and trained in emerging technologies and technology risks to feed into the development of IT risk assessments and audit programs

  • Leading the audit execution for information security audits by coordinating with process owners to identify and test controls, validating process documentation, and analyzing IT and business information to identify improvement opportunities

  • Working with the company's external auditors and federal regulators to support their annual audit and examination efforts

  • Driving project completion by reviewing and overseeing the completion of audit work papers, reviewing compensating controls, and offering recommendations on risk mitigation

  • Managing the follow-up activities for remediation of issues identified and communicated to management

  • Building effective relationships with IT management, cyber security and incident response teams, web application development teams, and other risk functions throughout the bank


  • Bachelor's and/or master's degree in computer science, computer engineering, management information systems, accounting information systems, or equivalent discipline.

  • 5+ years of experience in leading and conducting audits and/or assessments of key IT domains including information systems, cyber security, SDLC (Agile & waterfall), network & infrastructure architecture, application security, business continuity/disaster recovery, penetration testing, data management, and related processes.

  • Demonstrated ability to discuss and understand information security issues, with a solid understanding across a variety of IT areas such as:

    • Network and infrastructure architecture

    • Operating system/database administration & security

    • Threat and vulnerability assessment

    • Infrastructure and web application security

    • Identity and access management

    • Incident response

    • Cyber security, defense-in-depth, kill-chain

    • SDLC (Waterfall / Agile) & Change Management

    • Data management, data protection, and data privacy

    • Cloud security

    • Business continuity and disaster recovery

    • Computer operations

  • Ability to understand and communicate highly technical issues to both technical and non-technical audiences supported by a strong understanding of concepts related to information security, architecture, and technology risks.

  • Familiarity and understanding of major professional security and audit frameworks and standards (NIST, ISO 27001, ITIL, COBIT, PCI-DSS, etc.)

  • At least one professional certification required, preferably multiple, such as CISSP, CISA, CISM, GSEC, GPEN, GSLC, or equivalent.

  • Strong project management and organizational skills, with the capability to work on multiple projects with minimal direction in a dynamic and fluid environment with rotating priorities

  • Proactive and high-energy, with strong interpersonal skills and a team-focused attitude, demonstrating the ability to collaborate and compromise while building constructive and effective relationships

  • Previous experience with attack and penetration testing and/or cyber incident response a plus

  • Financial services industry and regulatory experience preferred. Big 4 or security consulting firm experience preferred.