Senior Audit Manager - IT/IS

Why USAA?

At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the #1 choice for the military community and their families.

Embrace a fulfilling career at USAA, where our core values – honesty, integrity, loyalty and service – define how we treat each other and our members. Be part of what truly makes us special and impactful.

The Opportunity

As a Senior Audit Manager - IT/IS, you'll manage and lead technology and information/cyber security (IT/IS) audit engagements, varying in complexity, and often participates in complex, cross-functional risk-based assurance and advisory engagements driving quality of audit work and leads engagements as Auditor-In-Charge (AIC). This role maintains knowledge of large financial services regulations (e.g., Office of the Comptroller of Currency’s Heightened Standards and Federal Reserve Board’s Large Financial Institution Rating System) and effectively responds and interacts with regulators. Manages strategic initiatives and assists with the development and implementation of the risk-based audit plan for IT/IS. Serves, and/or partners with audit and IT/IS subject matter expert(s) to analyze issues, establish collaborative client relationships, and proactively work with client management to assess risk and improve internal controls. Adheres to the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing (Standards) and Code of Ethics.

We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: San Antonio, TX, Plano, TX, or Charlotte, NC. Relocation assistance is not available for this position.

What you'll do:

• Influences business and clients across the enterprise regarding effective internal controls and mitigating risks across the full Enterprise taxonomy and challenges business management to adopt appropriate policies and procedures and effective controls designed to mitigate risks.

• Serves as Auditor-in-Charge (AIC) and main point of contact, manages IT/IS audit engagement-related efforts, and leads continuous monitoring activities.

• Overseeing assignments of staff with varying degrees of expertise and experience when conducting engagements, specialized audits or IT/IS audits recognizing the cross-matrixing and cross-functionality within the technology and information/cybersecurity areas.

• Ensures assigned IT/IS audit engagements are completed objectively, professionally, timely and in accordance with corporate and industry audit standards.

• Approves the engagement risk and control matrix and scope of the audit for final review and approval by Audit Leadership.

• Proactively identifies IT/IS control weaknesses and opportunities for improvement in the current operating environment providing recommendations for corrective action. Drafts the related audit technology and information/cybersecurity issues and audit reports for issuance to respective client leadership conducting follow-up activities.

• Responsible for quality of audit reviews with final signoff of work papers; proposes and/or recommends updates to the universe risk assessment of the entity based on audit results.

• Leads team activities and provides feedback to the team on IT/IS audit activities related to planning and scoping, testing, and sampling methodology and testing conclusions.

• Provides coaching and guidance to other auditors ensuring timeliness and quality of audit engagement deliverables. May deliver audit team end of engagement evaluations.

• Participates in development of the Audit IT/IS annual plan including proper assessment and coverage of risks and emerging risks and assists with execution of the annual plan.

What you have:

• Bachelor's degree; four additional years of related experience beyond minimum required may be substituted in lieu of a degree.

• 8 years of audit or controls experience in a financial services or technology/information security environment.

• 4 years audit experience in the technology and/or information security (IT/IS) areas.

• Experience performing internal audits, external audits, or applying audit, risk, or compliance acumen in a complex operational and regulatory environment.

• Broad and comprehensive experience in Audit theory, internal audit principles with demonstrated experience in IT/IS audit examining, analyzing, assessing, and drawing conclusions from audit work.

• Demonstrated experience effectively communicating and challenging Controls with business partners and influencing business outcomes.

• Understanding of risks and internal controls and the ability to evaluate and determine adequacy and efficiency of controls.

• Experience mentoring and providing feedback to audit team members regarding audit engagements.

• Experience in overseeing work with both internal and external partners in a highly collaborative environment.

• Demonstrated critical thinking and techniques and decision-making abilities.

• Demonstrated experience in highly dynamic environment and ability to deal with competing priorities.

• Specific industry frameworks and standards knowledge required includes COBIT, NIST 800-53, NIST CSF, CRI Profile, OWASP, STIGs, CIS Benchmarks, ISO 27001/2, SOC 2, PCI DSS, ITIL, and FFIEC booklets (e.g., information security, business continuity, etc.).

• Experience with compliance requirements including GDPR, GLBA, and CCPA.

• Experience working with IT general controls, Technology infrastructure management and platforms (e.g., mainframe, midrange, distributed), and Network architecture and security (e.g., network segmentation, firewalls, proxies, encryption protocols, endpoint protection) or related work.

What sets you apart:

• Experience in Sensitive Data Management, including audit data classification, data protection methods (encryption, tokenization, etc.), and data discovery/remediation.

• Experience in Data Lineage and Mapping, including auditing data lineage, capable of tracing and mapping the data lifecycle from its origin to consumption.

• Experience in Data Quality Assessments, including knowledge of conducting data quality assessments to uphold the accuracy, completeness, and reliability of critical data.

Compensation range: The salary range for this position is: $143,320 - $273,930.

Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location.

Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors.

The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.

Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals.

For more details on our outstanding benefits, visit our benefits page on USAAjobs.com.

Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting.

USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.