AVP - Internal Auditor (Cyber Security)

Posted 4 hours 41 minutes ago by Spencer Rose Ltd

£85,000 - £90,000 Annual
Permanent
London, United Kingdom
Job Description

London, Docklands (Hybrid)

£85,000 - £90,000 per annum + annual discretionary bonus

On behalf of a leading financial services organisation, I am seeking an experienced Internal Auditor with a background in a Cyber Security environment. The internal auditor will be primarily focused on leading audits, continuous monitoring, issue validation, and leading on departmental improvement initiatives.

The organisation offers hybrid working with a non-negotiable 2 days a week in their London office, so you must be within reasonable commuting distance of London.

Responsibilities:

  • Develop and maintain working relationships with peers across the organisation.
  • Monitor strategic developments within the business to highlight any unidentified risks or potential control issues.
  • Perform continuous monitoring of the business through frequent stakeholder engagement, under the direction of the director, to identify emerging risks and issues and report to audit management.
  • Identify areas for improvement within Internal Audit and play a leading role on department improvement initiatives.
  • Support and provide input into the Internal Audit risk assessment process to inform the Audit Plan.
  • Execution of planning and testing for complex technology, information security audits and high-level reviews, including designing test strategies, audit test papers and drafting of audit findings.
  • Validation to confirm management's remediation of audit and regulatory issues.
  • Management and tracking of the business's remediation activities.
  • Actively contributing to the ongoing improvement of audit practices and methodology.
  • Proactively maintain knowledge, skills, and disciplines, with ongoing professional development.
  • Identify and share useful learning opportunities for other Internal Audit team members.
  • Maintain the professional standard of the Internal Audit function and work within its agreed Terms of Reference and IIA standards/guidelines, Charter, and Mandate.
  • Demonstrate adaptability to ensure that the audit focus is maintained on key issues, under the guidance of audit senior management.

Experience/Skills required:

  • Experience working within Internal Audit in a financial services environment (ideally banking) and audit experience across a range of different information technology in a financial institution.
  • Ability to provide technical subject matter expertise during integrated audits.
  • Excellent communication skills, both written and verbal.
  • Experience and understanding of regulatory requirements, e.g. FRBNY, FCA.
  • Strong IT security and technical knowledge with approximately 8 years of experience within the industry.
  • Working experience with common security/technology risk frameworks, for instance, ISO 27000, NIST, CIS Critical Security Controls, COBIT, and IIA GTAGs.
  • Working experience with regulatory standards/requirements (US, UK), i.e. GDPR, BCBS 239, FFIEC 101, 3402, CHAP.
  • Working experience and/or knowledge of Security domains including Access management, Threat management, Incident response and recovery, Data protection, Vulnerability management, Monitoring and logging, Physical security, and Security risk management and governance.
  • Working experience and/or knowledge of cloud, blockchain, and high-volume transaction systems.
  • Working experience and/or knowledge of application controls, input/output, and configuration.
  • Working experience and/or knowledge of data analytics/predictive analytics, data governance.
  • Understand policy/directives, and ability to assess risks across all types of IT systems and operations.
  • Audit/Project Management Certifications (desirable) - CMIIA (UK), CIA (US), CISA, CGEIT, CISSP, CISM, CompTIA, SANS, ISC2, Prince2, Agile etc.