Principal, Internal Audit Information Technology & Security
The Options Clearing Corporation (OCC), the world’s largest equity derivatives clearinghouse, is seeking an engaged Principal leading the Internal Audit Information Technology and Security Data Analytics program. The Data Analytics Principal will take a lead role in performing audits of varied technologies and processes in support of the strategic goals of the audit function using data analytics. The Data Analytics Principal is responsible for proactively identifying key risks, including providing expert consultative guidance to senior management for a complex technology environment, develop and maintain effective relationships and support management in achievement of their goals.
Primary Responsibilities:
- Ability to clearly articulate professional principles and standards (i.e., AICPA, IIA IPPF, COBIT, NIST CSF, etc.) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls.
- Maintaining an understanding of policies, procedures, standards, and supporting technologies to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices.
- Keeping current on best practices and emerging risks in IT, information security, and cyber security within the financial services industry and making recommendations for improvements, as necessary.
- Identify and analyze root causes of inefficient practices and propose alternatives by partnering with management to develop achievable solutions.
- Aid in the development of the comprehensive audit plan on an annual basis for administration of several audits held simultaneously.
- Defining and leading the execution of audit projects in accordance to the annual audit plan.
- Owning the audit quality, accuracy of results, delivery within budget, and in a timely manner.
- Leading audits related to organization changes including requirements definitions, technology implementations, engagement, and alignment of change initiatives to business objectives.
- Participate in the development and execution of a comprehensive risk-based annual audit plan.
- Lead and implement strategic initiatives related to new audit programs/processes, technology, or other initiatives.
- Planning, leading and reporting for risk-based and special request audit assignments.
- Proactively identifying regulatory, IT, information security, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership.
- Developing, maintaining, and strengthening effective relationships with IT, business groups and leadership and partnering with management.
- Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education.
Qualifications:
- Exceptional analytical skills required. Ability to analyze data, evaluate facts, and summarize and present clear and concisely in both oral and written context to senior leadership.
- Exceptional problem solving and analytical capabilities.
- Exceptional proficiency using analytics platforms. Data analysis platform experience such as Tableau, Alteryx, IDEA, SAS, or other similar tools.
- Experience with automated vulnerability assessment tools (e.g., Nessus, Qualys, etc.)
- Exceptional customer service and collaboration skills required.
- Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions.
- Ability to understand the interaction between complex technology, business processes, and the associated impact on the ability to comply with regulations.
- Demonstrated success in leading audit projects and implementing audit best practices in a complex technology environment for application systems development and infrastructure support. Demonstrated success in identifying IT and security risks in complex technology environment and implementing controls/processes to mitigate the risks.
- Strong working knowledge of the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA).
- Ability to manage a complex audit plan and working independently, prioritizing multiple audit assignments to simultaneously complete each timely with high quality.
- Strong proficiency using Archer or other audit or Governance Risk and Compliance software.
- Bachelor’s degree (or equivalent) in Information Technology, Accounting, Finance, Business Administration, or related field.
- Experience working in a complex, fast paced environment required.
- Consulting/accounting firm experience is a plus.
- Network, routers, and Checkpoint firewall experience a plus.
- Experience in Financial Services/Security Industry and working with regulatory organizations such as: SEC, CFTC, and/or FINRA required.
- Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or similar certification is required.
- Minimum of eight years of experience leading IT risk-based audits and projects, and IT process reviews.