Job Description Summary
Based at one of GE’s major US operations and reporting to the Chief Audit Executive, Digital Technology and Cyber (CAE-DT), the Director, Cyber Security Assurance will manage Internal Audit engagements focused on enterprise-wide core technology and cyber security programs. Additionally, this leader will partner across GE business units to drive effective implementation and assurance of enterprise cyber, control, and risk management frameworks.
GE is in the midst of a significant and public transformation of its portfolio, leadership, operations and culture. One of the top priorities within this transformation is the Internal Audit function. GE is currently evolving the function, focusing more on the development of deep, data-driven, modern audit expertise and experience to serve as a true business partner for the audit committee and executive leaders, while still maintaining its commitment to talent development, both within and outside the function.
A key dimension of this role will be:
- Collaborating with Enterprise technology leadership (CIO, CTO, CISO) to identify and evaluate risks and drive risk-based audit approach.
- Driving 3rd layer of defense cybersecurity initiatives related to cyber readiness, compliance, and risk management.
- Acting as a trusted advisor to BU Chief Audit Executives and Digital Technology Leaders across the business in the evaluation and understanding of the GE security posture.
- Designs and manages the enterprise Internal Audit cyber security risk exposure program based on the outcome of annual audits in partnership and in coordination with the GE Cyber team and BU Digital Technology leaders.
- Partners with Enterprise Risk Management to continually track and monitor entity-level cyber risk and assists in defining and tracking standard IA Cyber KPIs across entities.
- Enhances, aligns, maintains, and educates BUs on enterprise cyber program, cyber control, and risk management frameworks in partnership and coordination with the GE Cyber team and BU Digital Technology leaders.
- Translates technical risks to cross-functional teams to assist the broader organization in understanding and addressing cyber risks.
- Manage a portfolio of assigned audits and related activities, including staffing, scheduling, and coordination with stakeholders to ensure the timely completion of the plan.
- Develop audit programs and testing procedures relevant to risk and test objectives.
- Maintain an awareness of current and emerging internal and external organizational, procedural, and technological changes that may impact the audit entity under review.
- Manage and monitor the progress of the audit engagement, prioritize the workload of the audit team, and identify/escalate any necessary changes to the audit as the engagement progresses.
- Deliver audits in highly technical areas of current/emerging technologies including cloud, security, distributed computing, IoT, Zero Trust Networks, and High Value Asset Protection.
- Stay abreast of new and emerging regulations and trends that impact information technology controls and rapidly adjust audit plan or procedures accordingly.
- Scope and deliver risk-based audits, including communicating findings with clients in a clear and timely manner; writing audit reports that are meaningful and comprehensive (yet easy to understand); working with management to develop action plans to remediate findings and address areas for improvement; and track corrective actions through to completion.
- Attract, develop and retain a high performing Internal Audit team. Mentor, coach and teach, as needed, including developing people for career opportunities and advancements within General Electric, including, but not limited to, the IT technological areas. Develop, update and maintain talent development, training and succession plans for the department.
- Drive a continuous improvement mindset in the audit function, including identifying and integrating best practices; identify specific actions to improve the efficiency and effectiveness of Internal Audits.
- Create an equitable and inclusive environment where people can bring their full selves to work and unlock their greatest potential and contributions to the team.
- Achieve annual goals and budget targets by effectively managing resources and stakeholder requirements.
PROFESSIONAL EXPERIENCE/SUCCESS PROFILE
- Bachelor’s Degree in Computer Science or in “STEM” Majors (Science, Technology, Engineering and Math) or Business Administration with a minor in Computer Information Technology is preferred.
- Minimum of 10 years of professional experience in IT Governance, IT Risk, IT Audit, IT Operations or related fields, preferably with a Fortune 1000 company or Big 4 assurance organization.
- CISM, CISA, CISSP, CRISC designation or other relevant certification is desirable.
- Understanding of regulatory and external requirements as they relate to IT, privacy and cybersecurity for regulations such as DFARS, CMMC, FISMA, HIPAA, GDPR, NERC-CIP and SOX.
- Experience using some of the industry standards/frameworks, such as NIST 800-53, NIST 800-171, NIST Privacy Framework, CSA CCM, ISO 27001, ITIL v3, COBIT and FAIR is desirable.
- Knowledge of IT Operational Functions including IAM, Asset Management, Cybersecurity, Data Privacy.
- Proven ability to handle scale, change agenda, pace and overall complexity.
- Track record of building / transforming an audit function to drive business strategy.
- Track record of working alongside business leaders, positioning internal audit as a strategic partner, identifying and helping mitigate risk.
- Superior business acumen; ability to build strong relationships and trust with company leadership and business process owners.
- Modern Audit/Data-Driven Approach: track record of leveraging technology and using data to drive insights and actions.
- Strong technical internal audit skills, including IT audit skills and knowledge of SOX 404 requirements.
- Lean Process orientation; passion to help improve operations continuously.
- Strong quantitative and qualitative analysis skills; ability to take large volumes of complex information and present it in a clear and concise manner; uses data and a cogent problem-solving methodology in decision making and impact assessment.
- Capability to work with a team in a fast-paced environment to meet strict deadlines while managing multiple priorities.
- Steps forward to address difficult issues and guide others toward the accomplishment of identified, meaningful goals.
- Initiates, supports and manages change within the organization, taking steps to remove barriers or to accelerate its pace.
- Ability to quickly assimilate relevant information in unfamiliar situations.
- Ability to synthesize and communicate complex technology topics to all levels of the organization.
- Excellent listening, verbal, written and presentation communication skills.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).
Relocation Assistance Provided: Yes
- Address: Boston, MA, USA
- Salary Offer: $100.000 ~
- Experience Level: Manager
- Total Years Experience: 10-20
- Academic Degree: Bachelors