Lead, IT & Cybersecurity Auditor

Company: Northwestern Mutual
Location: Milwaukee
Posted on: May 16, 2022

Job Description:

AT NORTHWESTERN MUTUAL, WE ARE STRONG, INNOVATIVE AND GROWING. WE INVEST IN OUR PEOPLE. WE CARE AND MAKE A POSITIVE DIFFERENCE.The Lead IT & Cybersecurity Auditor position will plan, lead, and execute technology & cybersecurity audits. This role serves as an expert for technology & cybersecurity topics. This role will be part of the Corporate Audit & Anti-Fraud (CAAF) team and will work on a variety of audits and projects encompassing cybersecurity, information technology, and help with overall development of a cyber and technology audit framework. This exciting position will impact the overall success of the technology & cybersecurity audit program through the development of innovative ways to leverage NIST frameworks, designing and developing a cybersecurity program that will serve to improve and optimize CAAF's technology & cybersecurity strategic initiative.This position includes significant internal client interface, and as such requires strong professional presence, communication and decision-making skills. The successful candidate will be capable of identifying technology and cybersecurity risks across all areas of the company. The ability to establish exceptional relationships and credibility within the CAAF team and internal Northwestern Mutual clients will be essential to the individual's success, as will the ability to coach, and lead other audit staff in the execution of audit engagements. The Lead IT & Cybersecurity auditor will report up to the Senior Director, IT & Cybersecurity Audit.Key Responsibilities:

• Lead execution of the audit plan for technology infrastructure and cybersecurity and assist in development of long-term strategy based on company goals. In addition, responsible for building the audit testing approach & test steps.
• Demonstrates technical knowledge of routine IT systems and processes and continues development of technical and intermediate analytical skills to understand more complex technologies. Interprets the associated risks, begins to develop a holistic view of risk, develops testing approach, and proposes solutions.
• Responsible for leading cybersecurity design and effectiveness audits of Northwestern Mutual's IT systems and cloud environments (AWS, VMWARE) to ensure compliance with internal standards as informed by NIST 800-53, the NIST Cybersecurity Framework (CSF), and emerging standards.
• Function as a senior member of the technology & cybersecurity audit team, with experience as both as an individual contributor and in team environments where collaboration and adaptability are important.
• Lead multiple concurrent projects, meet established deadlines and quickly adapt to changing priorities, all while working under limited supervision.
• Remains current on cybersecurity auditing practices, cyber emerging threats, industry regulatory changes, and internal company policy and process changes.
• Proactively interfaces with IT functional groups to enhance their understanding of cybersecurity controls needed to comply with standards and regulations, and risk treatment options.
• Prepares and reports on audit recommendations and ensures they are accurately tracked in an audit repository.Minimum Requirements:
  • Bachelor's degree in Accounting, Finance, Information Technology or another relevant field.
  • Subject matter expert knowledge in technology & cybersecurity risks, with demonstrated experience in cloud environments, cybersecurity, technology risks.
  • Subject matter expert level business acumen in business operations, industry practices, and emerging cybersecurity trends.
  • In depth knowledge of industry frameworks/standards utilized for IT internal controls (COBIT, NIST CSF, ISO, etc.)
  • Preferred designations include CISA (Certified Information Systems Auditor), CISSP (Certified Information Security Systems Professional), or other relevant business designations
  • In-depth knowledge and experience in auditing IT applications, technologies, and IT infrastructure (network infrastructure technologies (WAN/LAN), cybersecurity, Active Directory, backup & recovery, data centers, messaging, mobile technologies, remote access, storage, operating systems, virtualization services, and IT service desk)
  • Strong understanding of various types of cloud service models (IAAS, PAAS, SAAS). In Addition, strong understanding of AWS Infrastructure (IAAS)
  • Advanced knowledge & experience in IT general controls (logical access management, system development life cycle management, change management, data security (encryption controls) logging & monitoring, business continuity & disaster recovery, and backup and recovery).
  • Ability to develop, design, and execute IT, and cybersecurity audits using a risk-based approach.
  • Excellent project management and organization skills; ability to multitask.
  • Confidence and gravitas in working with and challenging stakeholders.
  • Excellent ability to develop and write impactful reports and presentations.Preferred Requirements:
    • Demonstrated knowledge of the regulatory environment for Financial Services industry
    • 5+ years of experience in large financial services IT/Security internal audit department, or equivalent IT/Security audit or consulting experience to include top tier firm (EY, Deloitte, PWC, KPMG, etc.)
    • 4+ years of experience leading end-to-end engagements as the auditor in charge and/or leadership experience within the information technology or cyber security fields
    • Model Audit Rule, SOX experienceWork Experience:
      • 7+ years of technology & cybersecurity audit experience with a professional services firm, an internal audit group, or similar environment.#IN-POST#LI-POSTThis job is not covered by the existing Collective Bargaining Agreement.Required Certifications:GROW YOUR CAREER WITH A BEST-IN-CLASS COMPANY THAT PUTS OUR CLIENT'S INTERESTS AT THE CENTER OF ALL WE DO. GET STARTED NOW!We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.If you work or would be working in Colorado or outside of a Corporate location, please click here for information pertaining to compensation and benefits.
        
        FIND YOUR FUTUREWe're excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.Flexible work schedulesConcierge serviceComprehensive benefitsEmployee resource groups

Keywords: Northwestern Mutual, Milwaukee , Lead, IT & Cybersecurity Auditor, Accounting, Auditing , Milwaukee, Wisconsin