Senior Audit Manager - Cyber Technical, Technology Audit

About the position Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization's Audit Committee. Audit professionals are experienced, well-trained and credentialed, and operate within a collaborative, agile environment to deliver value-added opinions and recommendations. Audit's vision to provide high value, independent, proactive insights, to innovate with technology, and to be a top-notch talent destination, creates a dynamic and challenging atmosphere for both personal growth and professional opportunity. Capital One is seeking an energetic, self-motivated Sr. Technology Manager with experience in technology, including resiliency and recovery, cyber and information security analysis interested in becoming part of our Audit team. As a member of the Audit team, the candidate will focus on audits of critical technology functions including cloud-based technology implementations as well as data center operations, application, mainframe or cloud technology controls, and cybersecurity risks. Responsibilities • Proactively monitor the technology control environment for changing risks and necessary updates. • Lead continuous monitoring activities and updates to risk assessments, audit universe, and audit plan. • Oversee multiple, concurrent Cybersecurity, IT Operations including key third party hosted services, and Cloud audits across assigned portfolios. • Develop engagement planning documentation and audit programs to ensure adequate coverage of risk and sufficient rationale for audit scope. • Supervise and coordinate work assignments amongst audit team members. • Provide timely feedback, on-the-job training, and coaching to audit staff and direct reports. • Establish and maintain good relationships with key business and audit partners, particularly in third party risk and business continuity risk management. • Leverage specialized knowledge and skills, providing management with insight into areas of technology, business continuity and third party risk. • Effectively represent internal audit at management meetings, internal forums, and to external organizations. • Assess relevance of audit findings, potential exposures, materiality, improving or deteriorating trends, and demonstrate awareness of broader issues. • Interpret business priorities, anticipate issues and obstacles, and apply to scope of role. • Deliver appropriate, succinct and organized information, tailoring communication style to audience. • Effectively review and compile relevant, material findings and recommendations into readable and concise audit reports. • Communicate complex results and implications, incorporating different perspectives into deliverables. • Manage timely and high quality delivery of multiple tasks, including audits, projects, special assignments, and administrative activities. • Self-prioritize and independently complete multiple tasks across the team and department. • Demonstrate the ability to successfully meet deadlines and identify/escalate impediments in a timely manner. Requirements • Bachelor's Degree or military experience • At least 7 years of experience in information technology (resiliency and change management operations, software delivery, access management, information security, cloud computing) • At least 4 years of experience in managing audit engagements, project management or a combination • At least 4 years of experience leading a team to deliver initiatives, collection of work or a combination • At least 4 years of experience in analyzing data extracts to identify trends, patterns, and anomalies, including experience in test scripting, coding (writing, reviewing, or assessing) or a combination • At least 4 years of experience in information security (application security, network security, cyber security, data protection) • At least 4 years of experience in third party hosted technology controls (business continuity & disaster recovery, physical and environmental controls) • At least 2 years of experience in cloud computing and controls (design, operation, risk management, or auditing) • At least 2 years of experience in third party risk management and business continuity risk management. • At least 2 years experience of people management Nice-to-haves • 8+ years of experience in information systems auditing, in information systems risk management, in technology operations, or a combination • Certifications related to or pursuing certification related to Cloud, Cyber or Technology Operations, such as Cloud provider certifications, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) • Certifications related to or pursuing certification related to Auditing, such as Certified Internal Auditor (CIA), or Certified Information Systems Auditor (CISA) • 7+ years of experience with IT control frameworks • 4+ years of experience auditing cyber or information security • 4+ years of experience auditing key third party service providers hosting critical enterprise applications • 4+ years experience in auditing or working in third party risk management and / or business continuity processes. • 4+ years experience in cloud computing (notably AWS, GCP, Azure) and controls, or 1+ years of conducting audits of controls in cloud-based environments • 4+ years of experience in risk and data management • 4+ years of experience performing data analysis in support of internal auditing • 2+ years of experience auditing emerging technologies Benefits • Comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. • Performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Apply tot his job