The IT Audit Manager (Business Resiliency) will be part of this team and focus on driving end-to-end audit services of Information & Technology risk with a focus on Business Resiliency. This spans multiple areas, such as covering technology risk while reviewing Freddie Mac's core business processes down to driving audits focused on core Information Technology General Controls. As part of the Third Line of Defense, the candidate will work closely with risk partners in the Second Line of Defense and practitioners in the First Line of Defense in both the lines of business and Information Technology. As part of the leadership of the IT Audit team, the IT Audit Manager will have the opportunity to help lead and develop an innovative, agile and high performing team.
- Schedule and oversee the work of audit teams to ensure it is completed on time and in keeping with professional standards.
- Perform and document work such as audit scoping, procedure development, walkthroughs and controls testing of higher risk and/or complex areas in accordance with Internal Audit standards.
- Provide consultative advice to business and IT management on current or emerging Information & Technology risk (focus on Business Resiliency risks), control and governance matters.
- Review monthly risk metrics of the First and Second Line of Defense and industry news to identify emerging issues and trends (focus on Business Resiliency) and communicate implications to senior leadership within Internal Audit and Freddie Mac.
- Based on the work performed, draft strategic, business focused audit reports to identify and communicate issues.
- Conduct internal training sessions to help other audit teams understand Information and Technology risk (focus on Business Resiliency).
- Build strong relationships with leaders across the First and Second Lines of Defense to enable strong collaboration, while maintaining Internal Audit's independence.
- Perform people management related tasks such as performance evaluations, coaching, and creating development plans.
- Perform and document work in accordance with Internal Audit standards.
- Maintain technical knowledge through ongoing research and review of industry publications.
- Minimum of 8 years working experience, with at least 2 years of management experience. Experience must include a minimum of 4 years auditing Information & Technology risks in a large IT environment with a focus on business resiliency.
- Bachelor's degree in Management Information Systems, Business Administration with an emphasis in Technology, Computer Science, Accounting Information Systems or related discipline
- Certified Information Systems Auditor (CISA) and Certified Business Continuity Professional (CBCP) or equivalent
- Working knowledge of industry standards such as COBIT, ITIL, and ISO
- Must work well in a team-oriented environment as well as individually
- Must work creatively and analytically in a problem-solving environment
- Must demonstrate effective verbal and written communication and interpersonal skills
- Master's Degree in one of the above disciplines
- Additional certifications such as Master Business Continuity Professional (MBCP), Certified Business Continuity Lead Auditor (CBCLA), Project Management Professional (PMP) and/or Certified Internal Auditor (CIA)
- Project Management experience