Internal Audit AVP - Information Security

We are currently supporting a Global Financial Services organisation looking to appoint an Internal Audit AVP focusing on Information Security.

Responsibilities:

• Build and sustain effective working relationships with peers across the organisation.
• Monitor strategic initiatives to identify previously unrecognised risks or emerging control issues.
• Conduct continuous monitoring activities through regular stakeholder engagement—under the direction of the Director—to identify emerging risks and issues, and report findings to audit management.
• Identify opportunities to enhance Internal Audit processes and lead departmental improvement initiatives.
• Contribute to the Internal Audit risk assessment process to support development of the Audit Plan.
• Plan and execute complex technology and information security audits, including high-level reviews, test strategy design, preparation of audit test papers, and drafting audit findings.
• Perform validation work to confirm effective remediation of audit and regulatory issues.
• Oversee and track remediation activities to ensure timely and effective closure.
• Actively support the enhancement of audit practices, tools and methodologies.
• Maintain up-to-date technical knowledge and skills through continuous professional development.
• Share relevant learning opportunities and insights with Internal Audit colleagues.
• Uphold the professional standards of the Internal Audit function and operate in line with its Charter, Mandate, Terms of Reference, and IIA guidelines.
• Demonstrate adaptability and remain focused on key audit priorities, with direction from senior audit management.

Requirements:

• Internal Audit experience within a financial services environment (ideally banking), with exposure to a broad range of IT and technology audit areas.
• Ability to provide subject-matter expertise during integrated audits.
• Strong analytical and critical-thinking skills.
• Proven experience engaging with stakeholders at all levels of management.
• Excellent written and verbal communication skills.
• Good understanding of relevant regulatory requirements (e.g., FRBNY, FCA).
• Strong IT security and technical expertise, ideally with around 8 years of industry experience.
• Practical experience working with key security and technology risk frameworks such as ISO 27000, NIST, CIS Critical Security Controls, COBIT and IIA GTAGs.