Senior Manager - IT Audit

Job Description

The primary objective of the Cybersecurity & IT Process audit team is to perform technology control examinations, which consist of information security, infrastructure, enterprise architecture, application development, DevOps, IT risk management and other technology process controls.


In this role, the IT Audit Senior Manager will understand and help oversee the strategy, risk assessment, execution, issue resolution and reporting process within audits, as well as assist in annual planning, maintaining cyber coverage strategy, regulatory compliance requirements, portfolio specific execution protocols, and ongoing business monitoring. This role will also have an opportunity to help lead a training and development program we are building in-house to give our technology and non-technology auditors more knowledge and “hands on the keyboard experience” with key information security related concepts. This role will have the opportunity to communicate regularly with leaders of the first line American Express Information Security and Global Infrastructure organizations, the second line Information Technology/Information Security oversight organization, as well as regulators.


Key performance objectives:

  • Serve as team leader on multiple, concurrent complex cybersecurity and technology operations/process audit projects
  • Manage and supervise a team of auditors in accomplishing team objectives on each audit
  • Lead evaluation of inherent risks, control designs, and test planning
  • Oversee test execution and review audit deliverables
  • Assess the impact of exceptions and control deficiencies
  • Present testing results and exceptions to various levels of client leadership
  • Assist in the development of cost-justified, value-added management actions
  • Effectively handle multiple competing priorities and successive increase in responsibilities
  • Assist with annual audit planning activities and drafting of planned audits, schedule and planned scope
  • Help lead in-house developed information security training and development program
  • Communicate regularly with Technology leadership and regulators about status of audit plan and key audit findings and remediation plans


  • 6-8 years relevant IT audit/consulting experience in a Big 4 or financial services environment required
  • Experience and/or strong acumen to quickly grasp highly technical risks, concepts, and processes related to a complex information security and technology environment is required. Subject matter experience includes: threat & vulnerability management, IT asset & configuration management, network, server and endpoint security, encryption and data protection, enterprise resilience, cloud computing, DevOps, and third party security risk management

  • Certified Information Systems Auditor (CISA) or relevant advanced industry certification required

  • One or more relevant advanced industry certification(s) (e.g., CISSP, CISA, CEH) strongly preferred

  • Experience in interacting directly with regulators is strongly preferred

  • Knowledge of relevant regulations and frameworks, including COSO, COBIT, PCI, NIST, ITIL, Cloud Control Framework, FFIEC, GLBA 501(b), desired

  • Bachelor's degree required

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

ReqID: 19018279
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Oct 9, 2019, 12:04:06 AM