Cybersecurity and IT Internal Audit Manager - Location Flexible
San Francisco, CA; Remote - US
Dropbox
Dropbox helps you simplify your workflow. So you can spend more time in your flow.Role Description
The Cybersecurity and IT Internal Audit Manager is a member of the Dropbox Internal Audit function, which provides risk-based, independent and objective assurance and insight designed to enhance Dropbox’s operations. In this role, you will support the IT internal audit function and provide assessment and assurance in operational effectiveness and compliance with company policies and procedures with the focus on the IT related areas including Cybersecurity, IT and Engineering, Product and Design, as well as the IT components in the internal control framework over financial reporting.You demonstrate strong ability and experience in Cybersecurity, technology operational audits and IT SOX compliance testing, together with relationship building and communication skills. You have a strong understanding of technology processes and operations with business acumen, and are capable of incorporating data analytics and automated tools/techniques in executing audit projects. You are capable of developing project plans and strategies, and resolve challenges. In this role, you will have the opportunity to manage 3rd party providers along with working independently. You have a "can do" attitude, a strong desire to "step out of the comfort zone" and learn new technology and business requirements, and grow to become a true risk and control adviser and an effective team lead.
Responsibilities
- Cybersecurity Audit and IT and Engineering Operational Audit
- Leads risk assessment, scoping, and planning activities for cybersecurity audit projects and assurance activities
- Guides development of audit work programs and testing procedures that are relevant to risks and test objectives
- Leads a team of audit resources (internal and/or external) to execute audit fieldwork autonomously and ensures audit conclusions are well documented and supported in accordance with IIA working paper standards, and makes improvement recommendations to management
- Drafts clear and meaningful findings, high quality audit reports, presentations, and other materials for Sr. Management and the Board
- Leads business partners in tracking internal audit observations to resolutions
- SOX IT Internal Control
- Supports the Head of IT Audit in the overall SOX program planning, testing and reporting
- Leads SOX general IT control and automated control design review, walkthrough and testing, and coordinate with business partners in remediation
- Works collaboratively with consultants from third party professional service provider(s) in executing testing of general IT controls and automated controls
- Coordinates with external auditors in SOX 404 audits
- IT Business Process and System Control Advisory
- Provide control advisory in system redesign and implementation efforts
- Internal Audit Operation
- Participate in initiatives in streamlining internal audit operations (e.g., internal audit automation, tool implementation, etc.)
- Leads or participates in other ad-hoc projects as assigned
- Relationship Building and Management
- Builds collaborative and trusting relationships with business partners, management, and other cross-functional stakeholders
- Interacts regularly with management and clearly communicate and articulate valuable business insights
Requirements
- Bachelor's degrees in Information System Management, Computer Engineering, Business Administration, Finance, or related fields
- 4-7 years of experience in cybersecurity audit, technology internal audit, SOX IT control testing, or SOC audit
- Experience in a Big 4 auditing firms and exposure to the Technology Industry is preferable
- One or more relevant professional certifications preferred (CISA, CISM, CISSP, etc.)
- Strong understanding of IT, engineering processes and cloud operational environment
- Familiarity with Oracle Fusion preferred
- Experience in completing data analytics and data intelligence capability
- Ability to recognize risks and business concerns of the company as a whole
- Ability to manage conflicting objectives, groups, and individuals across functions or organizations
- Open to learn new technology, and adapt to new processes
- Have a sense of urgency and be able to work in a fast pace environment
- Strong analytical, critical thinking and problem solving skills and ability to handle multi-projects with prioritization
- Highly detail oriented, with a strong propensity for high quality work product
- Motivated self-starter who works well individually and in teams
- Ability, competence, and confidence to lead people
- IT, engineering or cloud operation experience is a plus
- Limited travel may be required
Tags: Analytics Audits Automation CISA CISM CISSP Cloud Compliance Finance Oracle Risk assessment
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open IPS-related jobs