IT Audit Manager - Cyber

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

The IT Audit Manager - Cyber is responsible for the execution of audit engagements, which includes planning and developing the project scope, maintaining the budget and timeframes of the project to meet audit requirements, and ensuring department Standards are properly met. The role is a direct report to an Associate Director. The IT Audit Manager, Cyber provides input to improve operational efficiency and/or to enhance the design or operating effectiveness of the internal control environment. The role provides technical expertise and performs supervisor related work including training new employees and those with lesser experience, reviewing the work of others, and providing regular feedback to coach staff.

This role will interact and build relationships with management across Northern Trust’s Technology functions. The role is responsible for execution of validation testing as well as cyber audit engagements. The successful candidate will also be responsible for audits of information security, identity and access management; data protection; security incident response; authentication services; insider threats; vulnerability and threat management; and network perimeter defenses, as well as contributing to general and integrated IT Audit engagements.

Principal Responsibilities

• Functions in various roles on audit engagements, including leading audits, staffing audits, and providing consulting or oversight functions based on the needs of the team.
• Provides technical expertise to the IT Audit Team and uses sound audit practices.
• Maintains familiarization and technical expertise with the assigned business unit(s) including organizational structure, personnel, activities and products, new product development, financial performance, and risk and problem areas.
• Manages and performs special projects as assigned.
• Participates in meetings with business unit to discuss audit results.
• Communicates with partners at all levels, developing and presenting recommendations on operations and controls for the business unit.
• During audit engagements, assigns work to auditors, sets priorities and monitors activity.
• Utilizes understanding of various Corporate units to ensure operations, services, and systems have proper controls in place (i.e., design of the control environment).
• Reviews audit work including workpaper documentation, findings, recommendations, and the final report to ensure appropriate adherence to the Corporation’s/Department’s Policies and Standards and ensuring work is performed within established timeframes.
• Evaluates corporate management, business processes, business controls, and operating practices during audits and consulting/monitoring engagements.
• Applies analytical skills to review information and determine potential control weaknesses.

Skills / Knowledge

• Knowledge and experience leading risk-based cyber and information security audits and/or general technology audits.
• Solid understanding of ITGC and related processes (e.g., Configuration Management, Vendor Management).
• Understanding of Information Technology Service Management (ITSM) controls (e.g., Incident Management, Problem Management).
• Skills as needed to perform testing of application controls (e.g., BC/DR, Application Security Testing, Interface Controls).
• Skills as needed to perform testing of information security and cybersecurity controls (e.g., Event Monitoring, Data Security).
• Knowledge of risks related to newer technologies (e.g., Infrastructure as Code, Cloud Access Management, Kubernetes, Containers, CI/CD).
• Knowledge of IT and cybersecurity regulations, standards, and frameworks (e.g., NIST CSF, FFIEC, GDPR, ITIL).
• Knowledge of cloud environments and related technologies (e.g., Microsoft Azure, Amazon Web Services, private and hybrid cloud architectures).
• Professional certifications (e.g., CISA, CISSP, CCSP).
• Strong analytical, leadership, and organizational skills are needed.
• Strong report writing and work paper documentation skills.

Required Experience

• College or University degree and/or 5+ years auditing experience in a financial institution is preferred.
• Adept auditing and/or systems experience in a financial institution, or similar public accounting experience in the financial services industry.

Salary Range:

$83,100 - 141,300 USD

Salary range is a good faith estimate of base pay. Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension), health and welfare benefits (medical, dental, vision, spending accounts and disability), paid time off, parental and caregiver leave, life & accident insurance, and other voluntary and well-being benefits. Northern Trust also provides a discretionary bonus program that may include an equity component.

Working with Us:

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today.

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com.

We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.