Job Description SummaryReporting to the Director, Technology Audit, GE Aerospace, this role will lead a team of IT auditors and technical subject matter experts through data-driven, risk informed, digital/cybersecurity and integrated audits across GE Aerospace leveraging modern assessment tools and an industry tailored, best-in-class audit methodology.Job Description
GE Aerospace is amid a significant and public transformation of its portfolio, leadership, operations, and culture. One of the top priorities within this transformation is the Internal Audit function. GE Aerospace is currently evolving the function, focusing on the development of data driven and automation enabled digital security audit expertise to serve as a true business partner for the audit committee and executive leaders, while still maintaining its commitment to talent development, both within and outside the function.
A key dimension of this role will be leading a multi-disciplinary team through complex IT and Cybersecurity assessments to objectively identify and evaluate risks that may adversely impact the security posture or operations of the business. To accomplish this, the Manager, Technology Audit will:
Work with fellow Internal Audit professionals and partners to establish and uphold a top-tier audit methodology. This should incorporate automated testing of controls and a deep understanding of the technology stacks cybersecurity aspects, covering network, application, and operational technology security
Customize audit plans according to the specific industry risks and compliance needs of the entity being audited. These plans should be aligned with the scope defined by the Digital Technology teams.
Adopt a flexible strategy that adjusts to the technical setup of the entity under audit, considering their unique technology platforms and configurations.
Key Responsibilities:
Assists in the design, development, and maintenance of a comprehensive technical audit methodology, based in technical expertise, and molded to the risk profile of the business.
Leads the execution of comprehensive audit plans including objectives, audit procedures, audit budgets, and team schedules.
Guides the audit team in applying appropriate audit procedures to the areas reviewed so that controls are tested from the perspective of business risk and that populations are fully covered.
Reviews audit workpapers to ensure they are clear, complete, and well-organized.
Helps to establish and manage use of automated workflows to increase the efficiency and coverage of risks within the audit process.
Ensure that the in-scope business entity is fully aligned cross-functionally within the business unit and external to the enterprise for the implementation of sustainable, systemic action plans that address root cause and reduce attack surface.
Identifies opportunities for improvement to audit methodology, tools, and training.
Stays current on relevant business risks (e.g., current events, audit trends, emerging technologies, cybersecurity, etc.) and determines where appropriate to apply to engagements.
Leverages audit to educate management on complex technical risks, the application of control frameworks, and the quantitative management of risks.
Manages and develops direct reports to strengthen leadership capability and audit competency.
Coaches their audit team members in building audit, BU, and cyber knowledge.
Professional Experience/Success Profile:
Bachelors Degree in Computer Science or in "STEM" Majors (Science, Technology, Engineering and Math) or Business Administration with a minor in Computer Information Technology is preferred.
8+ years of professional experience in IT Governance, IT Risk, IT Audit, IT Operations or related fields, preferably with a Fortune 1000 companies or Big 4 assurance organization.
CISM, CISA, CISSP, CRISC designation or other relevant certification is desirable.
Understanding of regulatory and external requirements as they relate to IT, privacy and cybersecurity for regulations such as CMMC and SOX.
Experience using some of the industry standards/framework, such as NIST 800-53, NIST 800-171, NIST Privacy Framework, CSA CCM, ISO 27001, ITIL v3, COBIT and FAIR is desirable.
Knowledge of IT Operational Functions including IAM, Asset Management, Cybersecurity, Data Privacy.
Proven ability to handle scale, change agenda, pace and overall complexity.
Track record of working alongside business leaders, positioning internal audit as a strategic partner, identifying and helping mitigate risk.
Superior business acumen; ability to build strong relationships and trust with company leadership and business process owners.
Modern Audit/ Data-Driven Approach-- Track record of leveraging technology and using data to drive insights and actions.
Strong quantitative and qualitative analysis skills; ability to take large volumes of complex information and present it in a clear and concise manner; uses data and a cogent problem-solving methodology in decision making and impact assessment.
Additional Information
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).
Relocation Assistance Provided: No
