SOX Audit Project Manager - Technology

At U.S. Bancorp India, we’re on a journey to do our best. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bancorp India gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

Job Description

Corporate Audit Services (CAS) is seeking a highly motivated candidate to join our growing team of internal audit professionals within the CAS GCC team. This position supports internal audit coverage across our Digital, Technology and Operations Services team, with a focus on Information Security Services (ISS) as an Audit Project Manager.

The CAS Audit Project Manager is primarily responsible for completing audit engagement assignments with minimal supervision from audit team management. The Audit Project Manager is expected to understand information security risks, identify and analyze information security technology and business processes, and evaluate control design adequacy and effectiveness through control testing. The ISS Audit team is responsible for auditing Security Architecture and Engineering, Security Operations, Cloud and Application Security, Data Security and Insider Threat Strategy, Cyber Threat Intelligence, Vulnerability and Configuration Management, Identity & Access Management, and European Information Security. ISS protects information that is stored, transmitted, and processed across U.S. Bank computer networks. They also manage access to U.S. Bank systems and applications, define security policy, and collaborate with business line leaders across the enterprise to help them make more informed decisions regarding the security of their information.

The primary focus of this role over the next 36 months includes completing annual key SOX financial statement control testing for internal audit and other audit support work specifically to Technology. Internal audit performs SOX testing on behalf of management to ensure strong reliance by external auditors. The role may directly or indirectly lead team members.

Key accountabilities:

• Performing or supervising staff auditors in the testing of controls based on audit program directions. Includes using appropriate sampling and control testing techniques; identifying and assessing the relevancy of possible issues; and documenting work performed to support audit scope/conclusions, to facilitate an efficient review, and to meet internal audit policies and procedures.

• Drafting audit issues under the supervision of the audit team management. Includes drafting potential exposures and significance, identifying appropriate root causes, and developing recommendations that are operationally effective and cost-effective actions to address those causes.

• Assisting the audit team management in the reporting and wrap-up phases of audits. Includes assisting with drafting audit reports.

• Learning from and applying coaching received.

• Work as a subject matter expert in a particular topic, helping drive strategy, and may support multiple audit engagements covering the related topics

• Handle complex tasks autonomously and is able to influence business line understanding of risk mitigation

• Performing other duties as requested by audit team management.

• Assisting the audit team management in planning audit engagements. Includes understanding risk and risk management techniques; identifying and analyzing business processes, key risks, and critical controls; interviewing auditees; and evaluating control design adequacy.

• Provide coaching and on-the-job training for team members to ensure engagements are completed in conformance with internal audit policies and procedures

• Partner with their assigned Line of Business, other Risk/Compliance/Audit (RCA) professionals, and RCA Managers to, depending on their function, create, implement, maintain, review or oversee an effective risk management framework.

• Participate in projects and/or activities that ensure compliance with applicable federal, state and local laws and regulations.

• Identify gaps and inform solutions that minimize losses resulting from inadequate internal processes, systems or human errors.

• Identify, respond and/or escalate risks as appropriate

• Help support third line assurance efforts relating to a large-scale cloud migration and ongoing support subsequent to the migration.

Basic Qualifications

• Bachelor's degree, or equivalent work experience

• Typically more than seven years of applicable experience

Preferred Skills/Experience

• Undergraduate degree in a Technology, Cybersecurity or Engineering related field of concentration or equivalent combination of training and experience.

• Professional certification (e.g., CISSP, CISM, CISA, CIA, AWS Cloud Practitioner, Microsoft Azure Administrator) or advanced degree (e.g., MS in Technology/Information Security, MBA) is a plus.

• Agile/Continuous Deployment/Continuous Delivery/DevSecOps, Secure Software Development

• API and Cloud Migration experience

• Advanced data analytics and visualization acumen

• Strong knowledge of IT Frameworks (e.g., COBIT, ITIL, NIST, FEDRAMP, PCI-DSS, AGILE, AWS Well Architected Framework etc.)

• Technical knowledge of at least two of: API, Secure Cloud Architecture, Deployment models, Zero Trust, Network Segmentation, authentication/authorization protocols, or cryptography. Hands-on experience in at least one of the above.

• Experience leading multiple audits concurrently and executing all stages of audit successfully

• Experience validating audit and regulatory issues within agreed-upon timeframes

• Proven track record of adapting to a fast-paced environment and effective multi-tasking, being able to manage multiple projects simultaneously

• Critical thinking and problem-solving skills

• Participate in engagement team for assurance engagements involving platforms (AWS Cloud, etc.) and critical software assets across the technology space, as well as advisory engagements consulting on critical technology initiatives

• Advanced understanding of the business line's operations, products/services, systems, and associated risks/controls

• Assess the adequacy of the control environment, identify control gaps and opportunities for continuous improvement based on relevant knowledge and experience

• Ensure delivery of the highest quality reports and value-add recommendations and insights

• Advanced knowledge of applicable laws, regulations, financial services, and regulatory trends that impact their assigned line of business

• Advanced knowledge of Risk/Compliance/Audit competencies and ability to execute an assignment entirely independently

• Strong process facilitation, project management, and analytical skills

• Must possess business acumen and credibility to help business line(s) proactively identify and address changing workforce needs

• Motivated individual with excellent presentation, interpersonal, written, and verbal communication skills

• Proficient computer navigation skills using a variety of software packages, including Microsoft Office applications and word processing, spreadsheets, databases, and presentations

If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Posting may be closed earlier due to high volume of applicants.

This is an U.S. Bancorp India posting. U.S. Bancorp India is a part of the U.S. Bank family.