Project Lead - Cyber Audit

There’s never been a more exciting time to join United Airlines. We’re on a path towards becoming the best airline in the history of aviation. Our shared purpose – Connecting People, Uniting the World – is about more than getting people from one place to another. It also means that as a global company that operates in hundreds of locations around the world with millions of customers and tens of thousands of employees, we have a unique responsibility to uplift and provide opportunities in the places where we work, live and fly, and we can only do that with a truly diverse and inclusive workforce. And we’re growing – in the years ahead, we’ll hire tens of thousands of people across every area of the airline. Our careers include a competitive benefits package aimed at keeping you happy, healthy and well-traveled. From employee-run "Business Resource Group" communities to world-class benefits like parental leave, 401k and privileges like space available travel, United is truly a one-of-a-kind place to work. Are you ready to travel the world?

We believe that inclusion helps us thrive and grow at United across our collaborative Finance teams consisting of Financial Planning & Analysis, Internal Audit, Treasury, Global Procurement, Controllership, Investor Relations and more. These teams provide the financial fuel that keeps our operation running from providing detailed analyses of financial planning, performance, and forecasts to managing our investments and financial strategies. Our Finance team plays an integral role in making our airline profitable and successful by meeting our financial goals.

The Cyber Audit Project Lead will be responsible for leading and completing the DT and Cyber Audit program and supporting the development of a next-generation, global IT audit function. This includes developing a deep understanding of technology and security processes and risks within the airline industry, crafting positive relationships with cross-functional leaders, carrying out the cyber audit program, and mentoring individuals to deliver value audits and high-quality audit reports. This position reports directly to the Senior Manager of IT/Cyber Audit.

• Audit Program and Project Management
• Lead and support cybersecurity and technology audits, demonstrating a strong solid understanding of IT and cybersecurity standards/frameworks (for example, NIST, COBIT, ITIL) that impact the organization both in the United States and globally
• Key activities include audit scoping (including incorporating technical security testing), planning, partner management, fieldwork execution, reporting and validation of remediated audit findings
• Supervise and schedule the work of 1-4 IT and cyber audit staff and/or senior IT and cyber auditors on concurrent projects, under the guidance of the Senior Manager of IT Audit or Manager of IT/Cyber Audit on project results
• Conduct closing meetings with clients to discuss audit results and management action plans for corrective actions
• Communicate progress of audit objectives and testing with clients, audit project team members and/or the IT and cyber Audit management team on a timely basis
• Use data analytics to draw conclusion and ensures that approved audit objectives are met, and that adequate coverage is achieved
• Review all team written communications such as audit reports, client correspondence, memos and other working papers that document the procedures performed, findings, and conclusions
• Assist with special projects, contracted services, and other agreed upon procedures requested of the Internal Audit department
• Actively participate in ad-hoc committees and task forces
• Strive to add value to the productivity and growth of the department
• Support the development of the technology and cybersecurity program to deliver against strategic program objectives and enhance integrated project delivery
• Advance cyber assurance processes and techniques through red team principles, incorporation of security assessment tools, and enhanced technical testing
• Staff Development and Engagement
• Train audit staff on audit standards, department procedures and technical skills required for their position
• Train audit staff on deepening technical auditing capability incorporating red team and blue team offensive and defensive cyber concepts
• Coaches and mentors staff to improve audit delivery and leadership capabilities
• Business Unit Relationship Development and Risk Assessment
• Influence client management to drive measurable action plans to address control deficiencies
• Participate in meetings that develop business unit relationships which work to ensure audits address areas of concern relative to the business’ goals and performance objectives
• Interact with client personnel to better understand their business and strategy, demonstrating a commitment to continually improve the organization
• Assess risk, maintain knowledge of evolving cyber threats and risk management landscape, general business and economic developments and gain an understanding of the Company’s industry and related control risks

United values diverse experiences, perspectives, and we encourage everyone who meets the minimum qualifications to apply. While having the “desired” qualifications make for a stronger candidate, we encourage applicants who may not feel they check ALL of those boxes! We are always looking for individuals who will bring something new to the table.

• Bachelors degree in Cybersecurity, Information Systems, computer software engineering, Business, data science/analytics or related field
• CISSP or comparable designation
• Minimum of 4 years cybersecurity, IT audit, IT and/or a related field inclusive of at least 1 year of experience with either supervising teams or project management
• Strong grasp of basic cybersecurity and technology concepts (infrastructure, applications, cloud architecture and security, engineering etc.)
• Knowledge of IT and cyber auditing processes/procedures
• Knowledge and skill in applying internal auditing principles and practices, management principles and preferred business practices
• Knowledge of Cybersecurity and IT frameworks, e.g., NIST 800-53, NIST CSF,COBIT, ISO 27001/2, CIS, OWASP, MITRE ATT&CK
• Proven knowledge of and skill in applying data analytics to audit projects
• Strong proven understanding of Microsoft applications such as Word, Excel, Visio, Outlook and Access
• Strong problem-solving skills and ability to communicate effectively, both in written form and orally
• Willingness and ability to travel up to 15, both domestically and internationally
• Must be legally authorized to work in the United States for any employer without sponsorship
• Successful completion of interview required to meet job qualification
• Reliable, punctual attendance is a crucial function of the position

• OSCP or equivalent
• Data analytics experience
• Direct experience in the transportation field
• Experience using cybersecurity assessment tools, for example burpsuite, snort, wireshark, password crackers, and other cyber reconessnence tools
• Experience using Microsoft Power BI, Spotfire and AuditBoard
• Ability to assess sophisticated IT and business processes environments to identify risks
• Excellent analytical, organizational, problem-solving and prioritization skills
• Ability to work under time pressure, prioritize a high workload, and meet deadlines
• Positive demeanor and open approach, not afraid to roll up your sleeves

United Airlines is an equal opportunity employer. United Airlines recruits, employs, trains, compensates and promotes regardless of race, religion, color, national origin, gender identity, sexual orientation, physical ability, age, veteran status and other protected status as required by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions. Please contact JobAccommodationsunited.com to request accommodation.