Manager, Audit - Information Security Specialist (USA)-711948
Information Security Specialist:
Corporate Audit Services, the Internal Audit function within Capital One, is a dedicated group of audit professionals focused on delivering top quality assurance services to the organization’s Audit and Risk Committee. The CAS department is considered one of the leading internal audit functions within the financial services industry and is highly regarded within Capital One. CAS professionals are experienced, well-trained and credentialed, and operate within a highly collaborative team environment to deliver value-added opinions and recommendations. In addition, the CAS vision of Innovate Continually, Perform Brilliantly, and Set the Standard creates a dynamic and challenging atmosphere for both personal growth and professional opportunity.
Capital One is seeking an energetic, self-motivated Information Systems Auditor interested in becoming part of our Corporate Audit Services team as the Information Security Specialist. The Information Security Specialist will lead departmental efforts in monitoring information security threats, risks, and controls as they continue to evolve. The Information Security Specialist will also provide leadership on the information security audit approach, and will provide advice and counsel to business leadership related to information security risks, threats, and countermeasures. As a member of the team, the Information Security Specialist will lead audits of the enterprise security architecture and technical security configurations, support integrated application audits where information security specialist skills are required, and lead information security project audits. The candidate will also facilitate knowledge sharing of best practices and industry trends to team members, and contribute to thought leadership activities within the Audit team. The candidate will work independently, with guidance from Audit management as needed. Career development and growth opportunities exist through our established training programs within the Corporate Audit Services team, as well as in IT and business functions. The candidate will be expected to maintain all organizational and professional ethical standards.
- Monitors emerging information security and fraud risk. Networks with peers from other organizations to stay in front of emerging information security risks and trends. Attends external events and training to maintain deep technical knowledge of risks and controls related to Information Security, Network Security, Infrastructure, and Industry Standards (e.g., PCI DSS, ISO 27001).
- Actively participates in working groups to understand the organization’s current and planned countermeasures related to information security risks.
- Participates in annual planning, engagement planning, and fieldwork to understand the broader enterprise information security risks.
- Leads information security audits and projects, as well as components of integrated audits with significant security considerations, such as enterprise security architecture, information security policy and standards, network infrastructure security, server/database security, web application security, mobile device security, and encryption.
- Develops engagement planning documentation to communicate rationale for scoping decisions and develops audit programs to ensure adequate coverage of risk. Communicates audit scope, issues, risks, and recommendations to management in written reports and oral presentations.
- Designs and executes audit testing procedures related to information security controls, demonstrating a degree of audit expertise consistent with experience level. Understands the broader context and implications of the various risks affecting the business across disciplines (Finance, Operations, IT, Compliance, etc.).
- Consults with Audit teams during the planning, fieldwork, and report phases related to information security risk and control considerations, as well as supports analysis of identified information security risks and findings.
- Identifies additional risks not previously considered and understands secondary or tertiary issues. Understands business priorities, and anticipates issues and obstacles, incorporating these concepts into risk discussions. Identifies and implements efficiencies in executing test work.
- Supervises and coordinates work assignments amongst audit team members. Provides timely feedback and coaching to audit staff.
- Establishes and maintains effective and productive relationships with auditee during engagements as well as other Corporate Audit Services groups. Takes action or guides the audit team to enhance company and department brand.
- Manages timely and quality delivery of multiple tasks, including audits, projects, special assignments, and administrative tasks.
- On audit engagements, facilitates teamwork, coordinates and leverages available resources to complete engagements on time. Builds and utilizes relationships outside immediate Corporate Audit Services team to improve overall quality.
- Delivers appropriate, succinct, and organized information while tailoring communication style to audience. Effectively compiles relevant, material findings and recommendations into readable and concise audit reports. Communicates complex results and implications, incorporates different perspectives into deliverables. Effectively communicates audit process, scope, protocol, issues, risks and recommendations to auditee during kick-off, periodic status updates, and exit meetings.
- 4 years of technical experience working with information security risks and controls, enterprise security architecture, information security, infrastructure, network security, industry best practices
- Bachelor's Degree in Auditing, Accounting, Finance, Economics, Information Systems, Business Administration or related area
- 4 years of experience in internal or external auditing, information systems, accounting, financial analysis, compliance risk management, bank examination or other related field.
- 2 years of experience in performing audits of a technical nature.
- 1 year of experience in supervising audit engagements.
- 1 year of experience in the banking or financial services industry.
At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
- Master's Degree in Auditing, Information Systems or Information Security.
- Certified or working toward a professional certification such as a CISSP, CEH, CISM, or CISA
- 6 years of technical experience working with information security risks and controls, enterprise security architecture, information security, infrastructure, network security, industry best practices
- 6 years of experience in internal or external auditing, information systems, accounting, financial analysis, compliance risk management, bank examination or other related field.
- 4 years of experience in performing technical IS audits. Working knowledge of IT control frameworks such as COBIT and COSO, and their application to IT control audits.
- 3 years of experience in supervising audit engagements.
- 3 years of experience in the banking or financial services industry. Understanding of financial institution laws, regulations and business processes.
- Demonstrated analytical, critical thinking, and problem solving skills.
- Excellent communication skills, both written and verbal.
No agencies please. Capital One is an equal opportunity employer committed to diversity in the workplace. We promote a drug-free work environment. We emphasize recruiting, hiring, and retaining the most qualified candidates and providing them with the opportunity to meet their potential. We provide an environment where differences lead to solutions.
Job : Audit, Risk Management and Security
Primary Location : United States-Virginia-Richmond-Richmond-West Creek 3 (12073)
Other Locations: United States-Texas-Plano-DFW-Plano People Center Bldg 4 (31064), United States-Virginia-McLean-Northern VA-McLean Campus (19050)
Schedule : Full-time
Travel : Yes, 10 % of the Time
Capital One - 2 years ago