Senior Audit Manager - Cybersecurity

Why USAA

At USAA our mission is to empower our members to achieve financial security through highly competitive products exceptional service and trusted advice. We seek to be the #1 choice for the military community and their families.

Embrace a fulfilling career at USAA where our core values honesty integrity loyalty and service define how we treat each other and our members. Be part of what truly makes us special and impactful.

The Opportunity

As a Senior Audit Manager youll manage and lead technology and information/cyber security (IT/IS) audit engagements varying in complexity and often participates in complex crossfunctional riskbased assurance and advisory engagements driving quality of audit work and leads engagements as AuditorInCharge (AIC). This role maintains knowledge of large financial services regulations (e.g. Office of the Comptroller of Currencys Heightened Standards and Federal Reserve Boards Large Financial Institution Rating System) and effectively responds and interacts with regulators. Manages strategic initiatives and assists with the development and implementation of the riskbased audit plan for IT/IS. Serves and/or partners with audit and IT/IS subject matter expert(s) to analyze issues establish collaborative client relationships and proactively work with client management to assess risk and improve internal controls. Adheres to the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing (Standards) and Code of Ethics.

We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: San Antonio TX Plano TX or Charlotte NC. Relocation assistance is not available for this position.

What youll do:

• Influences business and clients across the enterprise regarding effective internal controls and mitigating risks across the full Enterprise taxonomy and challenges business management to adopt appropriate policies and procedures and effective controls designed to mitigate risks.

• Serves as AuditorinCharge (AIC) and main point of contact manages IT/IS audit engagementrelated efforts and leads continuous monitoring activities.

• Overseeing assignments of staff with varying degrees of expertise and experience when conducting engagements specialized audits or IT/IS audits recognizing the crossmatrixing and crossfunctionality within the technology and information/cybersecurity areas.

• Ensures assigned IT/IS audit engagements are completed objectively professionally timely and in accordance with corporate and industry audit standards.

• Approves the engagement risk and control matrix and scope of the audit for final review and approval by Audit Leadership.

• Proactively identifies IT/IS control weaknesses and opportunities for improvement in the current operating environment providing recommendations for corrective action. Drafts the related audit technology and information/cybersecurity issues and audit reports for issuance to respective client leadership conducting followup activities.

• Responsible for quality of audit reviews with final signoff of work papers; proposes and/or recommends updates to the universe risk assessment of the entity based on audit results.

• Leads team activities and provides feedback to the team on IT/IS audit activities related to planning and scoping testing and sampling methodology and testing conclusions.

• Provides coaching and guidance to other auditors ensuring timeliness and quality of audit engagement deliverables. May deliver audit team end of engagement evaluations.

• Participates in development of the Audit IT/IS annual plan including proper assessment and coverage of risks and emerging risks and assists with of the annual plan.

What you have:

• Bachelors degree; four additional years of related experience beyond minimum required may be substituted in lieu of a degree.

• 8 years of audit or controls experience in a financial services or technology/information security environment.

• 4 years audit experience in the technology and/or information security (IT/IS) areas.

• Experience performing internal audits external audits or applying audit risk or compliance acumen in a complex operational and regulatory environment.

• Broad and comprehensive experience in Audit theory internal audit principles with demonstrated experience in IT/IS audit examining analyzing assessing and drawing conclusions from audit work.

• Demonstrated experience effectively communicating and challenging Controls with business partners and influencing business outcomes.

• Understanding of risks and internal controls and the ability to evaluate and determine adequacy and efficiency of controls.

• Experience mentoring and providing feedback to audit team members regarding audit engagements.

• Experience in overseeing work with both internal and external partners in a highly collaborative environment.

• Demonstrated critical thinking and techniques and decisionmaking abilities.

• Demonstrated experience in highly dynamic environment and ability to deal with competing priorities.

• Specific industry frameworks and standards knowledge required includes COBIT NIST 80053 NIST CSF CRI Profile OWASP STIGs CIS Benchmarks ISO 27001/2 SOC 2 PCI DSS ITIL and FFIEC booklets (e.g. information security business continuity etc..

• Experience with compliance requirements including GDPR GLBA and CCPA.

• Experience working with IT general controls Technology infrastructure management and platforms (e.g. mainframe midrange distributed) and Network architecture and security (e.g. network segmentation firewalls proxies encryption protocols endpoint protection) or related work.

What sets you apart:

• Experience in the financial services industry

• Information Securityspecific certifications (e.g. CISSP CRISC CCSP)

• Information and Cybersecurity (e.g. cyber threat detection and response threat intelligence insider threat logging and monitoring security information and event management (SIEM) secure baseline configuration management and drift monitoring vulnerability and patch management device/endpoint security antivirus and thirdparty security)

• Enterprise resiliency (e.g. development implementation maintain testing and validation of recovery and resiliency plans resiliency architecture exercise and training offline backups and restoration data Cyber Vault etc.

• Cloud Computing (e.g. SaaS PaaS IaaS Amazon Web Services (AWS) Google Cloud Platform (GCP) Microsoft Azure Snowflake private/hybrid/public data gravity telemetry migration/monitoring of workloads (Datadog) cloudnative application protection platforms (CNAPP) expanded boundary considerations public API integration Kubernetes containerization orchestration and automation)

Compensation range: The salary range for this position is: $143320 $273930.

Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location.

Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors.

The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.

Benefits: At USAA our employees enjoy bestinclass benefits to support their physical financial and emotional wellness. These benefits include comprehensive medical dental and vision plans 401(k) pension life insurance parental benefits adoption assistance paid time off program with paid holidays plus 16 paid volunteer hours and various wellness programs. Additionally our career path planning and continuing education assists employees with their professional goals.

For more details on our outstanding benefits visit our benefits page on .

Applications for this position are accepted on an ongoing basis this posting will remain open until the position is filled. Thus interested candidates are encouraged to apply the same day they view this posting.

USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin disability or status as a protected veteran.