Audit Executive - IT and Cyber Security

Why USAA?Let’s do something that really matters.At USAA, we have an important mission: facilitating the financial security of millions of U.S. military members and their families. Not all of our employees served in our nation’s military, but we all share in the mission to give back to those who did. We’re working as one to build a great experience and make a real impact for our members.We believe in our core values of honesty, integrity, loyalty and service. They’re what guides everything we do – from how we treat our members to how we treat each other. Come be a part of what makes us so special!As a dedicated VP, Audit Services IT and Cyber Security, you will lead assurance and advisory services for all aspects of IT and Cyber Security operations. This executive develops, administers, and oversees a risk-based comprehensive audit program which provides the Audit Committee of the USAA Board of Directors, the CEO, subsidiary boards, and members of USAA management with independent, objective assurance services regarding the effectiveness and efficiency of the governance, risk management, and control processes. Oversees the development and administration of long-term strategy and objectives and ensures alignment with Enterprise Audit Plan strategy and objectives. Leads IT and Cyber Security audit staff and oversees audit findings and recommendations regarding key governance, risk management and control processes including, legal and regulatory compliance and regulatory readiness, and the reliability and integrity of financial and operational information. Maintains knowledge of financial services regulations and effectively responds and interacts with regulators.We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: San Antonio, TX, Plano, TX, Charlotte, NC, or Tampa, FL.The OpportunityWhat you’ll do:• Exemplifies USAA’s mission, core values, culture and desired behaviors – including a culture of risk awareness and accountability.• Hires and develops talent to deliver performance and results – including the identification, development and retention of talent with requisite risk knowledge and capabilities as well as providing leadership and overseeing performance management and staff development activities.• Accountable for ensuring IT and Cyber Security departments receive sufficient coverage across specific activities as well as affiliated shared services that support these areas. Coverage will require effective coordination across the internal Audit Services teams to ensure appropriate subject matter expertise, scoping, execution and reporting of results.• Leads design and implementation of the IT and Cyber Security internal Audit Services strategy, considering department’s strategy and complex regulations and regulatory heightened expectations, including how they apply in a matrixed business environment.• Reviews and directs the development of internal audit IT and Cyber Security testing program and methodology, assures that professional standards are adhered to and that the audit report contains fully supported information.• Oversees budgeting and execution of the internal audit plan and other related audit projects across IT and Cyber Security.• Holds self and others accountable to meet commitments by setting and clearly communicating expectations and roles and responsibilities relative to internal audit.• Communicates, reports on and escalates issues to senior management and the board on the Enterprise’s current and changing risk profile, risk appetite, and emerging risk trends. Is responsible for the creation and updating risk profiles for each auditable entity within their area of support.• Collaborates with internal audit management to develop and implement internal audit policies, procedures, and best practices. Advises senior management on risk and control issues; reports on business self-assessment results; and provides practical recommendations to ensure risks are appropriately managed.• Manages ongoing relationships with external auditors, business units, and senior management. Evaluates corrective measures taken to address unresolved matters. Follows up on the progress being made to address unresolved control matters and prepares summary reports to executive management to ensure appropriate action is taken in a timely manner.• Conducts review of the results of the annual skills assessment and provides recommendations for addressing current gaps in skills.• Assists the USAA Chief Audit Executive in the development of audit standards, governance model, operating policies and procedures for inclusion in the Audit Services Manual and directs implementation of approved changes to maintain an internal audit function and governance model that is consistent and appropriate for the size, complexity and risk profile of IT and Cyber Security.• Maintains a current knowledge of the USAA standards, mission and strategic mission through discussions with corporate officers and attendance at various management meetings, conferences, and Board of Directors meetings in order to integrate current risks into the audit plan.• In conjunction with other Audit Services leadership, develops the audit strategy and plan, with emphasis on assurance and advisory services. Advises and collaborates with leadership on effective IT and Cyber Security controls and the regulatory environment.• Validates annual audit plan for IT and Cyber Security that is prepared based on risk analysis processes. Assists in assigning resources to complete integrated audits and to ensure appropriate audit coverage. Monitors and reports progress on this plan.• Monitors, independently and objectively, the governance, risk and control environment ensuring trends and emerging issues that could impact operations are considered and communicated to Executive Management and/or Finance and Audit Committees as appropriate.• Responsible for elevating high-risk potential control issues during development to avoid potential audit findings and control failures and reducing future risks to the organization.• Determines, plans and supervises the delivery of the IT and Cyber Security risk-based annual internal audit plan including identifying areas of risk and assigning appropriate risk ratings at the universe and entity level to ensure that critical business areas are reviewed on a recurring basis.• Establishes and directs all aspects of the internal audit IT and Cyber Security testing program, to include developing and updating the internal audit validation testing methodology, procedures, ongoing assessment of business risks, a risk based annual audit plan, and audit methodology that mirrors current, professional internal audit standards.• Oversees and approves risk assessments, including emerging risks and top risks associated with the organization’s current material processes, product lines, services, functions. Ensures quality audit work within required completion timeframes of each audit; drives value to the business while reducing the risk in the risk profile. Ensures that audit processes are utilized in identifying control weaknesses and developing recommendations within all divisions and operations of the company. Remains knowledgeable and current with the changing IT and cybersecurity landscape.• Provides thought leadership to executive management and Finance and Audit Committee related to leading and emerging internal audit and internal control practices and guidance to the business units of audit-related topics focused on strategic, operational, financial and regulatory risks.• Accountable for the completeness of the audit universe for business areas of responsibility and periodically reviews for potential additions or deletions.• Periodically reviews and updates the audit plan to consider the risk profile and emerging risk and issues. In addition, evaluates the adequacy of and compliance with policies, procedures, and processes established by the front-line units and Independent Risk Management to ensure ongoing compliance with the Risk Governance Framework.• Responsible for understanding, assessing and monitoring USAA’s efforts to comply with regulatory enforcement actions, including Consent Orders and MRA’s and ensures appropriate governance structures, policies and standards are designed effectively, in place and operating effectively.• Drives delivery of the internal audit work on time, within agreed upon budget, and in accordance with audit methodology, regulatory standards and the Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing.• Responsible for effectively managing all aspects of the IT’s and Cyber Security’s internal audit work which evaluates the adequacy of and compliance with policies, procedures and processes established by the 1st and 2nd line of defense and provides technical and strategic direction to audits and investigations which are sensitive or complex in nature.• Coordinates internal Audit Services programs with other audit, compliance and operational and risk management units, Corporate Investigations, the outside independent auditor and regulatory examiners to minimize duplication of effort.• Leads quality audit work within required completion timeframes of each audit and participates in annual risk assessment processes; drives value to the business while reducing risk in the IT’s or Cyber Security’s risk profile.• Assists the Chief Audit Executive in creating reports of audit results as required and delivering/communicating them to executive management and Risk committees as required by the USAA, Finance & Audit Committee charters. In addition, identifies and escalates to the USAA, Board’s Finance & Audit Committees significant control weaknesses and strengths related to complying with the policies, standards and procedures.• Ensures that the audit processes are utilized in identifying control weaknesses and developing recommendations within all divisions and operations of the company.• Evaluates internal controls to ensure the identification of significant accounts, processes, assertions and risks, documentation of significant processes and the identification and evaluation of the control design, the performance of tests and controls and the overall assessment of financial reporting and internal controls.• Supports external auditors by coordinating information requirements.• Conducts validation testing and reviews to ensure that the recommended corrective actions to audit and regulatory identified issues are completed, sustainable and effective, and continues to evaluate the appropriateness of management’s corrective actions in response to issues identified.• Provides periodic briefings and reports on the risk management audit activities and the organization’s adherence to regulatory requirements and enforcement to the executives and board committees and councils.• Provides independent assurance to the board of directors and senior management on the effectiveness of the design, implementation and execution of the core business processes and risk management framework (including risk profile, risk appetite, and compliance practices).• Interacts effectively with all key Governance Committees.• Responsible for continuous review and enhancement of the Risk Management Internal Audit processes.• Establishes and continuously evaluates Key Performance Indicators (KPIs) for the Audit Services IT and Cyber Security team to ensure achievement of objectives. Adjusts KPIs as needed to continuously align to enterprise objectives and consults with Audit executives to support KPI report deliverables.• Oversees the design, development and delivery of timely, accurate, and impactful management reporting in addition to high-quality, impactful external reporting deliverables, including coordination with appropriate internal and external stakeholder.What you have:• Bachelor’s degree OR 4 years of related experience (in addition to the minimum years of experience required) may be substituted in lieu of degree.• 10 or more years of experience in technical discipline (e.g., information technology audit or cyber security audit function) with a proven track record leading comparable operations and programs (e.g., complex audit programs and regulatory heightened expectations) is required.• 8 or more years of people leadership experience in building, managing and/or developing high-performing teams required.• Demonstrated understanding of regulatory examinations and other supervisory engagement and processes.• Expected working knowledge of applicable industry regulations.• Proven ability to partner effectively with regulators.• Demonstrated ability to communicate and influence effectively at senior levels within the organization.• Strong written and verbal communication skills including the ability to communicate technical terms to a non-technical audience.What sets you apart:• Experience leading audit functions in a large financial institution, preferably in consumer banking.• Deep expertise auditing technology infrastructure, cyber security, data governance, emerging technology and integrated technology audits. Familiarity with auditing Artificial Intelligence.• Demonstrated accomplishments influencing and partnering with technology executives to anticipate evolving regulatory expectations for managing Information Technology and Information Security risk.• Experience validating/remediating consent order work in an IT audit function.• Recent experience engaging in your team’s testing, leading the strategy and reviewing test results and workpapers.• Experience leading audit teams totaling 50K+ assurance hours’ worth of responsibility annually.What we offer:Compensation:USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market position. The salary range for this position is: $249,000 - $448,200.Employees may be eligible for pay incentives based on overall corporate and individual performance or at the discretion of the USAA Board of Directors.Long Term Incentive Plan: Cash payment for Executive level roles only, representing a cash payment which is both time and performance based.Benefits:At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals.For more details on our outstanding benefits, please visit our benefits page on USAAjobs.com.Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting.USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.