The Options Clearing Corporation (OCC), the world’s largest equity derivatives clearinghouse, is seeking a Manager, Internal Audit Information Technology & Security. The Manager will provide leadership across the department in support of the strategic goals of the audit function. This role will present comprehensive audit reports summarizing key risks, including providing expert consultative guidance to senior management for a complex technology environment, develop and maintain effective relationships and support management in achievement of their goals. In addition, the Manager may interface with the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), Financial Industry Regulatory Authority (FINRA) and external auditors.
The Manager, Internal Audit Information Technology & Security responsibilities will be aligned, but not limited to, four pillars:
- Ability to clearly articulate professional principles and standards (i.e., AICPA, IIA IPPF, COBIT, NIST CSF, etc.) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls.
- Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices.
- Keeping current on best practices and emerging risks in IT, information security, and cyber security within the financial services industry and making recommendations for improvements, as necessary.
- Serving as a liaison with external parties and regulators to facilitate timely and efficient external reviews, knowledge transfer, and controls and process education.
- Aid in the development of the comprehensive audit plan on an annual basis for administration of several IT or information security audits held simultaneously.
- Defining and leading the execution of audit projects in accordance to the annual audit plan.
- Owning the audit quality, accuracy of results, delivery within budget, and in a timely manner.
- Leading audits related to organization changes including requirements definitions, technology implementations, engagement, and alignment of change initiatives to business objectives.
- Participate in the development and execution of a comprehensive risk-based annual audit plan.
- Lead and implement strategic initiatives related to new audit programs/processes, technology, or other initiatives.
- Planning, leading and reporting for risk-based and special request audit assignments.
- Proactively identifying regulatory, IT, information security, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership.
- Developing, maintaining, and strengthening effective relationships with IT, business groups and leadership and partnering with management.
- Effectively lead audit staff, providing direction, clearly defined performance expectations, coaching and feedback, and recognition/motivation.
- Providing oversight and coaching to the team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience. Act as a mentor and ensure that staff has a solid understanding of auditing procedures to conduct the audit.
- Exceptional customer service and collaboration skills required. Strong analytical and verbal/written communication skills required.
- Demonstrated success in leading audit projects and implementing audit best practices in a complex technology environment for application systems development and infrastructure support. Demonstrated success in identifying IT and security risks in complex technology environment and implementing controls/processes to mitigate the risks.
- Strong working knowledge of the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA).
- Demonstrated ability to analyze data, evaluate facts, and summarize and present clear and concisely in both oral and written context to senior leadership.
- Ability to communicate clearly and effectively, both orally and in writing, including the ability to handle potentially sensitive situations and discussions.
- Ability to manage a complex audit plan and lead the team, prioritizing multiple audit assignments to simultaneously complete each timely with high quality.
- Strong problem solving and analytical capabilities.
- Ability to understand the interaction between complex technology, business processes, and the associated impact on the ability to comply with regulations.
- Strong proficiency using Archer or other audit or Governance Risk and Compliance software.
- Bachelor’s degree (or equivalent) in Information Technology, Accounting, Finance, Business Administration, or related field.
- Experience working in a complex, fast paced environment required.
- Consulting/accounting firm experience is a plus.
- Experience in Financial Services/Security Industry and working with regulatory organizations such as: SEC, CFTC, and/or FINRA required.
- Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or similar certification is required.
- At least 4 years of experience leading IT risk-based audits and projects, and IT process reviews.