We are on the lookout for a talented Technology Audit Manager to join our join our Cybersecurity and Technology Controls Internal Audit team. This is your opportunity to play a crucial role in enhancing our organization's governance and operational excellence!

As a Technology Audit Manager within our Cybersecurity and Technology Controls Internal Audit Team, you will execute the annual audit plan, manage audit engagements, perform audit testing and participate in control and governance forums.

 

Job Responsibilities

Lead and execute large-scale audits or projects independently, including critical technology functions, cloud-based infrastructure, cybersecurity, risk management, application, and third-party management. Develop effective test plans and perform audit testing to ensure timeliness, accuracy, and quality.Identify and assess key risks and controls, executing and documenting work in accordance with JPMorgan & Chase’s Internal Audit policy. Design and execute tests to verify control effectiveness to mitigate risk.Demonstrate professional skepticism while conducting audits, independently raising findings within established criteria, and keeping management and leadership informed throughout the process.Establish and maintain strong client relations during engagements, effectively communicating results to management via written reports and oral presentations. Prepare clear, organized documentation to support work performed.Drive continuous improvement by providing objective evaluations of technology processes, enhancing the organization’s risk management capabilities, and developing business partnerships within Internal Audit and companywide.Adapt to change, embrace bold ideas, and leverage data analytics to enhance audit effectiveness.Stay informed about emerging cybersecurity technologies and trends, assessing their impact on the organization's risk landscape.Collaborate with IT, security, and business units to ensure a comprehensive approach to cybersecurity risk management.Lead and mentor audit teams, fostering a culture of continuous learning and improvement.

Required qualifications, skills and capabilities

7+ years of internal or external auditing experienceBachelor's degree in Technology, Accounting, Finance, or a related discipline.Strong understanding of audit methodologies, internal control concepts, and the ability to evaluate and determine the adequacy of control design and operating effectiveness.Proficiency with the MITRE ATT&CK Framework, with 3+ years of experience applying it to identify, assess, and mitigate cyber threats.Strong experience in managing and evaluating security controls, with proficiency in the Information Systems Auditing Process and key areas such as Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Security Operations, and Cyber Resiliency.Strong data analytical skills, adept at interpreting complex data sets and deriving meaningful insights.Strong strategic thinking skills, with the ability to align audit activities with the organization's strategic objectives and cybersecurity goals.Knowledge of IT and Cloud management and control frameworks.Experience in a highly formal audit environment, including preparation of formal test of design and test of effectiveness work-papers.Certification in one or more of the following audit or security focus areas: CISA, CISSP, SANS, or expertise in cloud platforms such as AWS, Azure, or Google Cloud.Excellent verbal and written communication skills, with the ability to effectively communicate complex security concepts to stakeholders at all levels.

Preferred qualifications, skills and capabilities

Related professional certification such as CIA, CPA, or CRISC is advantageous.Familiarity with coding, data analytics, cybersecurity controls, cloud design and controls, and/or distributed technologies is a plus.Experience navigating matrixed organizations and interfacing with regulatory agencies is beneficial.Experience leading and providing feedback to staff on audit projects or engagements is desirable.Experience with Issue Validation and Remediation is preferred.In-depth knowledge of financial regulations and compliance requirements related to cybersecurity, such as GDPR, PCI-DSS, SOX, and FFIEC guidelines, is a plus.