Cybersecurity and IT Internal Audit Manager - Location Flexible

Role Description

The Cybersecurity and IT Internal Audit Manager is a member of the Dropbox Internal Audit function, which provides risk-based, independent and objective assurance and insight designed to enhance Dropbox’s operations. In this role, you will support the IT internal audit function and provide assessment and assurance in operational effectiveness and compliance with company policies and procedures with the focus on the IT related areas including Cybersecurity, IT and Engineering, Product and Design, as well as the IT components in the internal control framework over financial reporting.

You demonstrate strong ability and experience in Cybersecurity, technology operational audits and IT SOX compliance testing, together with relationship building and communication skills. You have a strong understanding of technology processes and operations with business acumen, and are capable of incorporating data analytics and automated tools/techniques in executing audit projects. You are capable of developing project plans and strategies, and resolve challenges. In this role, you will have the opportunity to manage 3rd party providers along with working independently. You have a "can do" attitude, a strong desire to "step out of the comfort zone" and learn new technology and business requirements, and grow to become a true risk and control adviser and an effective team lead. 

Responsibilities

• Cybersecurity Audit and IT and Engineering Operational Audit
  • Leads risk assessment, scoping, and planning activities for cybersecurity audit projects and assurance activities
  • Guides development of audit work programs and testing procedures that are relevant to risks and test objectives
  • Leads a team of audit resources (internal and/or external) to execute audit fieldwork autonomously and ensures audit conclusions are well documented and supported in accordance with IIA working paper standards, and makes improvement recommendations to management
  • Drafts clear and meaningful findings, high quality audit reports, presentations, and other materials for Sr. Management and the Board
  • Leads business partners in tracking internal audit observations to resolutions
• SOX IT Internal Control
  • Supports the Head of IT Audit in the overall SOX program planning, testing and reporting
  • Leads SOX general IT control and automated control design review, walkthrough and testing, and coordinate with business partners in remediation
  • Works collaboratively with consultants from third party professional service provider(s) in executing testing of general IT controls and automated controls
  • Coordinates with external auditors in SOX 404 audits
• IT Business Process and System Control Advisory
  • Provide control advisory in system redesign and implementation efforts
• Internal Audit Operation
  • Participate in initiatives in streamlining internal audit operations (e.g., internal audit automation, tool implementation, etc.)
  • Leads or participates in other ad-hoc projects as assigned
• Relationship Building and Management
  • Builds collaborative and trusting relationships with business partners, management, and other cross-functional stakeholders
  • Interacts regularly with management and clearly communicate and articulate valuable business insights

Requirements

• Bachelor's degrees in Information System Management, Computer Engineering, Business Administration, Finance, or related fields
• 4-7 years of experience in cybersecurity audit, technology internal audit, SOX IT control testing, or SOC audit
• Experience in a Big 4 auditing firms and exposure to the Technology Industry is preferable
• One or more relevant professional certifications preferred (CISA, CISM, CISSP, etc.)
• Strong understanding of IT, engineering processes and cloud operational environment
• Familiarity with Oracle Fusion preferred
• Experience in completing data analytics and data intelligence capability
• Ability to recognize risks and business concerns of the company as a whole
• Ability to manage conflicting objectives, groups, and individuals across functions or organizations
• Open to learn new technology, and adapt to new processes
• Have a sense of urgency and be able to work in a fast pace environment
• Strong analytical, critical thinking and problem solving skills and ability to handle multi-projects with prioritization
• Highly detail oriented, with a strong propensity for high quality work product
• Motivated self-starter who works well individually and in teams
• Ability, competence, and confidence to lead people
• IT, engineering or cloud operation experience is a plus
• Limited travel may be required