The Senior Audit Manager, IT and Security

Oversees, performs and executes the annual internal audit plan of Information Technology (IT) and Information Security (InfoSec) audits.

Responsibility includes assessing risk, developing audit scopes, performing audit procedures, and preparing internal audit reports reflecting the results of the work performed and reviewing the work of audit staff.

The Senior Audit Manager, IT and Security will interact heavily with the IT/InfoSec Leadership and must be able to clearly articulate related risks and audit results to technical and non-technical members of executive management. This position reports to the Vice President of Internal Audit.

Supervisory Responsibility

This position may have supervisory responsibilities in the future and will be responsible for day-to-day management of IT Audit staff and their development of subject matter expertise.

Job Grade

The Senior Audit Manager, IT and Security is a grade 9.

Responsibilities

  • Assists in developing and maintaining the Internal Audit IT/InfoSec Risk Assessment.
  • Primary function will be to plan and perform risk based/security audits in areas including, but not limited to, applications (internal & external facing), databases, operating systems, sensitive data, patch management, change management, BCP/DR, third party, cloud, etc.
  • Oversees the development of IT Audit staff and ensures the execution of the annual audit plan.
  • Performs SOX ITGC, regulatory or compliance audits as required.
  • Interacts with external audit firms and provides guidance and support for audit engagements.
  • Effectively analyzes and assesses risk to develop audit procedures, execute test procedures, and conclude on the operating effectiveness of relevant controls through the development of formal reports.
  • Leverages appropriate resources for planning the audit engagement, and effectively leads interviews/meetings to ensure relevant information is obtained for analysis.
  • Performs an appropriate level of testing based on the scope and risk, without over- or under-auditing.
  • Produces work paper documentation that is clear and concise, provides adequate detail of work performed and conclusions reached, meets department and professional standards, and is sufficient to receive a satisfactory rating from reviewers.
  • Communicates obstacles or problems as they are encountered throughout the audit. Identifies control issues and findings timely, and ensures findings are based on relevant facts and are accurately characterized (based on risk).
  • Clearly communicates control findings to Internal Audit Management as they are identified.
  • Shares Internal Audit processes and business area knowledge with team members.
  • Maintaining appropriate industry associations to keep up to date with emerging technologies/IT risks and identify/leverage audit best practices.
  • Ensures the Internal Audit team is advised of key developments in all areas of responsibility.
  • Working with external auditors to coordinate IT coverage across areas of responsibility and ensure that audit work is comprehensive and sufficient to allow the external auditors to rely on the work.
  • Challenges the ‘status-quo’ and brings original ideas to the team.
  • Fosters a team environment, is inclusive and works well with others.
  • Prepares monthly reporting for the Executive team summarizing activities and key performance indicators.
  • Other tasks as assigned.

Requirements

  • Bachelor’s degree in related field required (e.g., Computer Science, Management Information Systems, Accounting)
  • CISA, CISSP, CISM, or other relevant certification is required.
  • 9+ years of internal and/or external IT audit experience required.
  • Mix of operational and IT audit experience desired.
  • Experience as project lead including:
  • isk Assessment
  • Planning
  • Audit execution
  • Issue/report writing
  • Business risk awareness and appropriate judgment to use a risk-based approach while executing the audits.
  • High level of tact and ability to communicate complex and potentially sensitive issues to various levels of management – both within IT functions and outside to key non-technical business personnel.
  • Can conform to shifting priorities, demands and timelines through analytical and problem-solving capabilities.
  • Must possess strong computer skills
  • Must be able to think analytically, independently and objectively.
  • Must have working knowledge of tools & technical processes including: identity & access management, database management; software development methodologies, change management, vulnerability management, penetration testing, data loss prevention, batch processing, business continuity/disaster recovery planning; enterprise architecture,security etc.
  • Understanding of IT control frameworks (COBIT, ISO 27002, NIST, ITIL, FedRamp etc.) is required.
  • Knowledge of SOX 302/404, SSAE 16/SOC1/2/3
  • Excellent written and oral communication skills
  • Ability to communicate information in an understandable form to the right parts of the organization
  • Ability to work effectively in a team environment, both within Internal Audit and across other departments
  • Must be able to work in US and International time zones, when required
  • Ability to balance quality of work with speed of execution
  • Ability to use GitLab

Performance Indicators

Career Ladder

The next step in the Senior Manager, Internal Audit job family is to move to the Director, Internal Audit job family.

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a first interview with our VP, Internal Audit.

Additional details about our process can be found on our hiring page.

 


About GitLab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 Reasons to Work for GitLab:

  1. Mission: Everyone can contribute
  2. Results: Fast growth, ambitious vision
  3. Flexible Work Hours: Plan your day so you are there for other people & have time for personal interests
  4. Transparency: Over 2,000 webpages in GitLab handbook, GitLab Unfiltered YouTube channel
  5. Iteration: Empower people to be effective & have an impact, Merge Request rate, We dogfood our own product, Directly responsible individuals
  6. Diversity, Inclusion & Belonging: A focus on gender parity, Team Member Resource Groups, other initiatives
  7. Collaboration: Kindness, saying thanks, intentionally organize informal communication, no ego
  8. Total Rewards: Competitive market rates for compensation, Equity compensation, global benefits (inclusive of office equipment)
  9. Work/Life Harmony: Flexible workday, Family and Friends days
  10. Remote Done Right: One of the world's largest all-remote companies, prolific inventor of remote best practices

See our culture page for more!

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.

Last modified September 23, 2024: Fix broken links (d748cf8c)