Senior IT/Cyber Auditor

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. 
 

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

Life at F5 is never dull. We are constantly identifying industry trends and disruptions, then innovating to get ahead of future customer needs—creating application services that help the world’s leading organizations deliver their critical business apps faster and with the highest levels of flexibility, security, performance, and support.

But our success is not driven solely by what we do. We also care deeply about how we do it. At F5, our culture is how we live, every single day. And it is producing extraordinary results—not only for our customers but also for our employees. We understand that your life is about more than just work, so we are committed to a culture that supports your whole life. We offer work/life integration programs like Freedom to Flex, dynamic employee inclusion groups, paid parental leave, tuition assistance for professional development, a comprehensive mentoring program, rewards/recognition, and so much more. At F5, we truly do help each other thrive.

As a Senior IT/Cyber Auditor, you will be responsible for executing individual internal audit projects with a focus on the examination and analysis of internal controls, risks, and processes related to F5’s information systems, IT infrastructure, and IT internal control environment. This position includes developing project scope, defining and executing internal audit procedures, preparing high-quality reports to accurately reflect the work performed, and actively monitoring the status of outstanding issues. The Senior IT/Cyber Auditor will also assist Internal Audit Management in providing periodic reports to the Audit Committee and developing the annual internal audit plan.

Primary Responsibilities: 

• Assist in defining scope, approach, and project-specific risks for IA engagements included in the annual audit plan, contributing to annual risk assessments and audit plan development.
• Plan, document, and conduct complex audit assignments and projects, executing all aspects of IA projects independently and/or as a part of a team, with management input and oversight.
• Assist with special audits, consulting projects, and other assignments as requested.
• Develop an awareness of changes in IT audit practices, regulatory requirements, and IT Risk frameworks to understand their impact on auditing (e.g., NIST CSF/RMF, NIST 800-53/FedRAMP, NIST 800-218, NIST 800-161, Cloud Shared Responsibility Model, IaaS/PaaS/SaaS service models, Cloud Security Alliance (CSA), COBIT, ISO/IEC 270xx, PCI-DSS, SOC 2, etc.)
• Develop knowledge of policy, procedures, internal control concepts, and best practices to assess policy compliance, control design and effectiveness, and adherence to best practices.
• Build relationships with key stakeholders across F5, providing valuable business support as a trusted advisor on processes, risks, and controls prior to key process/system implementations.
• Conduct stakeholder interviews (to include observation, testing, and documentation) and audit fieldwork in accordance with IA department standards;
• Identify, document, and communicate issues, recommendations, and process improvement opportunities; and review/draft clear, concise IA findings and reports to present to management.
• Partner with IA stakeholders to develop corrective action plans
• Manage multiple projects concurrently and meet timely targets for assigned projects
• Develop skills to lead audit engagements and coach other auditors.
• Perform SOX IT General Controls (ITGC) testing of key IT and automated business processes, as required, in collaboration with IT Compliance and External Audit. Test key reports for accuracy and completeness via validation of report logic, source data, and input parameters.
• Maintain a concern for IA process improvement with a focus on methodology and execution, cost savings opportunities, and leveraging data analytics to provide valuable insights into the risk assessment and audit plan development process.

Other Responsibilities:

• Uphold F5’s Business Code of Ethics and model the Be F5/Lead F5 Behaviors.
• Promptly report violations of the Code or other company policies.
• Adhere to IIA standards and perform other related duties as assigned.

Knowledge, Skills, and Abilities:

• Understanding of internal control concepts and experience in applying them to plan, perform, manage, and report on the evaluation of various business processes, areas, and functions.
• Experience auditing and evaluating IT projects/programs/systems (e.g., SDLC reviews), infrastructure, cybersecurity risks/controls and operating systems (Oracle experience is a plus)
• Must be able to work independently with limited direction, see the big picture while maintaining a strong attention to detail, and work on multiple projects with varying team members.
• Strong understanding of internal auditing standards, COSO/COBIT, risk assessment practices, technical aspects of accounting and financial reporting, and regulatory compliance.
• Strong interpersonal, organizational, and planning skills, with unquestionable ethics/integrity
• Strong communicator with the ability to disseminate issues via written reports and verbal discussions, document results, and prepare/present audit reports to peers and management.

Qualifications:

• BA/BS from an accredited university in MIS/IT/CS, business, finance, cybersecurity, or a related field (or equivalent education and work experience)
• 5+ years of IT audit, InfoSec/cybersecurity, and/or IS/IT experience in a public accounting firm or public company with a focus on security, privacy, ERM, GRC, and controls
• CISA / CISSP (preferred), CIA, CPA, CCSP, CISM
• IT auditing skills with familiarity in at least one of the following areas: Cyber Security including auditing an ISO 27001 ISMS; data analytics, Robotic Process Automation (RPA), system development & testing; UNIX; Windows; Oracle, SQL (Technology industry experience is a plus)
• Strong interpersonal skills to communicate effectively – both written and verbally – with technical and non-technical audiences and work with all levels of management.
• Exceptional organizational/time management skills, attention to detail, and diligence are required to document thought processes, validate assertions with logic, deliver quality work consistently, and adjust your approach as required based on management feedback.
• Ability to work a flexible schedule during key business deadlines.

Physical Demands and Work Environment:

• Duties are performed in a normal office environment while sitting at a desk/computer table
• Duties require the use of a computer, communication by phone, and reading printed material.
• Duties may require travel via car/plane, lifting up to 50lbs, and work outside of standard hours.

Benefits:

• Comprehensive medical, dental, and vision coverage; 401K with company match
• Generous paid vacation time, paid holidays and paid parental leave
• Quarterly Wellness Weekends to focus on personal and professional growth
• Global Good initiatives like employee matching, volunteering, and F5 Foundation
• Additional benefits include free transit cards, free vanpools, Social Thursdays, etc.
• Work/life integration programs like Freedom to Flex, dynamic employee inclusion groups, a comprehensive mentoring program, and rewards/recognition
• Tuition assistance for professional development

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

The annual base pay for this position is: $91,334.00 - $137,002.00

F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.

You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice. 

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting [email protected].