IT & Cybersecurity Control Testing Auditor (Senior)

Position Description:

MissionsThe candidate will report to an experienced testing manager and will be responsible for leading reviews as part of the Annual Control Plan focused specifically on Information Technology Infosec and Cyber risks.
The candidate will be responsible to:- Conduct business process and control walkthroughs and gather information to understand the context risks and intended control operation to be tested.- Scope plan and execute technology and compliance control audits with the following focus areas:Design and execute tests to validate application system controls which may require data analysis code inspection and re-performance of system the design of controls around the underlying system architecture in the context of information technology controls such as security availability and performance and their impact on business-aligned technology the business and technology processes to evaluate the effectiveness of the relevant technology that system features meet business technology and regulatory requirements.- Identify issues through testing ensuring that appropriate action plans are being developed by the business to correct the deficiencies noted.- Discuss results and findings with relevant stakeholders including the business or function being tested.- Document review work and develop final testing reports to document and formally communicate testing results to stakeholders.- Validate that the business has completed the agreed-upon action plans by the due date.- Maintain regular engagement and provide feedback to key stakeholders within Compliance Risk and Business units.- Assist the audit manager with development of the annual risk-based Testing Plan.
ProfileCompetencies- Understand and apply audit methodology and various techniques to perform controls-based audits.- Apply knowledge and experience in auditing general and application controls across a variety of technologies and platforms using IS industry standards and best practices.- Apply a broad and comprehensive understanding of high-risk IS/cyber areas including identity and access management data protection encryption firewall security intrusion detection and prevention systems and insider threat.- Audit non-technical areas including IT governance project management and systems development.- Audit experience covering cloud-based infrastructure is a plus but not required.- Synthesize data and observations into findings and effectively present and communicate conclusions in writing and orally.- Analyze complex sets of data using Excel Access VBA and other advanced scripting and analytical tools that help operate and visualize data.- Understand Investment Banking and Broker-Dealer related risks and regulations.- Apply strong analytical problem-solving and organizational skills; handle multiple simultaneous and ad-hoc requests.- Exercise strong attention to detail; ability to work independently; prioritize and work in a dynamic deadline-focused environment.- Work collaboratively within a complex organization across multiple cultures geographies and disciplines; strong interpersonal and written/verbal communication skills.
Technical Skills & Knowledge- Experience and application of industry-standard technology frameworks and regulations such as NIST FFIEC ISO GDPR NYSDFS FISMA etc.- Experience with various data analytics and data management tools:Scripting tools: Python VBARelational data tools: T-SQL PL/SQLData visualization tools: PowerBI Microstrategy Spotfire- Expertise with Microsoft Word Excel and PowerPoint- Excellent writing skills- Securities licenses a plusPrior Work Experience- 711 years of working experience within the Financial Services industry or equivalent environment- 35 years performing audits of systems physical logical or cybersecurity in a technical environment using generally accepted auditing standards consistent with internal control frameworks- General knowledge of applicable regulatory requirements and expectations related to investment banking and broker-dealer activities- AML experience a plusQualifications (Experience Education Languages)- B.A./B.S. in Computer Science Information Security Engineering or equivalent discipline- Relevant IT audit certifications are a plus such as:Certified Information Systems Auditor (CISA)Certified Information System Security Professional (CISSP)Certified Public Accountant (CPA)Certified Internal Auditor (CIA)
LANGUAGEAbility to communicate in English both orally and in writing is a requirement as the person in this position will need to collaborate regularly with colleagues and partners in the United States.
- English language proficiency; French speaking a plus

Skills:

• English
• French
• Cyber
• NIST
• Python
• SQL

What you can expect from us:

Together as owners lets turn meaningful insights into action.

Life at CGI is rooted in ownership teamwork respect and belonging. Here youll reach your full potential because

You are invited to be an owner from day 1 as we work together to bring our Dream to life. Thats why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our companys strategy and direction.

Your work creates value. Youll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas embrace new opportunities and benefit from expansive industry and technology expertise.

Youll shape your career by joining a company built to grow and last. Youll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

At CGI we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI partners to thrive. As an equal-opportunity employer being able to perform your best during the recruitment process is important to us. If you require an accommodation please inform your recruiter.

To learn more about accessibility at CGI contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.

Come join our teamone of the largest IT and business consulting services firms in the world.