IT Audit Manager

Description

The Audit Department of the Port Authority of New York and New Jersey falls under the Chiefdom of the Office of the Inspector General, and provides independent, objective assurance to Port Authority management and the Board of Commissioners that operations and functions are adequately controlled and carried out in an effective and efficient manner and in accordance with existing policies and procedures. Where necessary, the Department makes recommendations to management to correct internal control weaknesses and discrepancies disclosed by its examinations, as well as to strengthen controls already in place.

RESPONSIBILITIES:

The Information Systems & Technology Audits Division is one of six audit divisions in the Department. As the Manager of this division, you will be responsible for directing and managing the workload for a team of approximately 12 in all activities. The IT Audit Manager is tasked with developing a risk-based annual audit plan which is aligned with the agency priorities and standards and addresses cyber security, technology and fraud risks; the professional development of the IT team members; conducting reviews of computer systems, information security and network structures to ensure compliance with internal controls requirements for accuracy, reliability, accountability and that such systems are implemented, operated, and secured in a cost-effective manner. You will manage cooperative reviews with other divisions covering third party technology service management contracts, controls over financial, physical security, governance, business, and operational processes. You will also manage staff performing risk assessments of third-party's technology, controls, and policies. You will provide internal consultation services in systems development, information security, infrastructure design, industry regulatory and compliance areas. You will build and maintain professional relationships internally and externally, as well as provide senior management and executive stakeholders with an independent assessment of internal controls.

Reporting to the Program Director and Director of the Audit Department, you will be responsible for, but not limited to the following.

Effectively manage and maximize staffing resources; plan and monitor the workload.

Approve audit plans and scope for assignments and workpapers prepared by staff.

Prepare clear and concise draft audit reports for review by the Program Director and Director for subsequent issuance to management.

Ensure that audits and other initiatives are performed efficiently and effectively, are in accordance with Institute of Internal Auditors, ISACA and industry standards and that action taken by PA management satisfactorily address recommendations and resolve audit findings.

Understanding of control frameworks such as COBIT, IIA GTAG, ISO 27000 and NIST and compliance with applicable regulatory requirements (PCI, HIPAA, etc.).

Understanding of computer hardware, network, operating systems, database, enterprise applications, and cloud environment concepts.

Demonstrate a working knowledge of audit management (e.g. Teammate+), data analytics and security vulnerability assessment tools.

Manage staff performance and build skill development. Prepare, review, and approve interim and final performance reviews and individual developmental plans for all staff.

Consult with stakeholders to add value and resolve issues. Demonstrate excellent written, oral and interpersonal communication skills.

Make sound, confident decisions and act in uncertain situations.

Engage in additional departmental/agency initiatives outside the scope of daily responsibilities.

Possess multi-tasking and flexibility skills; ability to manage multiple complex projects.

Possess strategic thinking and analytical skills to identify problems and effect timely solutions.

Qualifications:

Bachelor’s degree in information systems, Cybersecurity, Computer Science or related field.

A minimum of 7 years demonstrated management and leadership skills

10 years of experience of increasing responsibility in the areas of IT and/or Auditing

Demonstrate understanding of audit risk assessment and audit planning methodologies and concepts.

NOTE: MUST BE ABLE TO TRAVEL TO PORT AUTHORITY FACILITIES AS WELL AS PA AUDITTEE LOCATIONS/OFFICES AS NEEDED