What are the responsibilities and job description for the IT & Cybersecurty Audit Manager position at Amphenol?
Company Description
Amphenol is a Fortune 500 company, founded in 1932 and headquartered in Connecticut, with a global team of over 90,000 employees. As one of the world’s largest manufacturers, Amphenol's products are integral to the electronic devices and technologies you use every day, including cell phones, automobiles, and network infrastructure. The company operates at the forefront of innovation, contributing to industries ranging from telecommunications to automotive. Amphenol’s commitment to quality and precision has made it an industry leader worldwide.
Role Description
The IT & Cybersecurity Audit Manager is a full-time hybrid role based in Wallingford, CT, with an option to work remotely part of the time. This role entails designing and performing IT audits, assessing cybersecurity measures, and ensuring compliance with IT controls. Responsibilities also include identifying risks, enhancing IT governance, and collaborating with stakeholders to recommend solutions. The role requires proactive management of risk and compliance frameworks to safeguard the organization’s IT infrastructure.
Qualifications
Education:
· Bachelor’s degree in management information systems, Computer Science, IT or related STEM
discipline.
· Certification is required - CISA, CISSP, CISM, CICA, CIA, CCSP, CEH, CompTIA Security , SSCP
Experience:
· At least 6 to 8 years of experience in IT Auditing, Cybersecurity, IT security experience and expertise, often within a public accounting firm or large corporate internal audit or IT department.
· Ability to multi-task in a fast-paced, dynamic environment.
· Strong analytical skills - ability to analyze and detect trends, issues or flaws; determine root case of issues; and partner with others to drive solutions.
· Excellent communication and report writing skills.
· Knowledge of information security risk management frameworks and compliance practices.
· Experience responding to, analyzing, and communicating information security incidents.
· Excellent interpersonal, communication, and presentation skills, including report writing experience.
· Attention to detail, QA skills, the ability to “think forward,” adept at problem solving and addressing
issues and complications before they expand.
· Experience with and knowledge of hardware and software, networks, data centers, systems and other
related areas related to cyber security.
· Conscientiousness and excellent time management skills.
· Fluent in Mandarin, Spanish or other European Language is a plus.
- · Between 25%-50% travel is required.
Key Responsibilities:
· Assist the Senior IT Audit Manager or Director in executing an integrated, value-adding IT audit
function via IT General Controls and Cyber Security Controls
· Execution of global system-wide risk management function of the information security program to ensure information security risks are identified and monitored. Audit of individual IT audit engagements including operational audit and SOX testing including planning, performing and analyzing audit results using an integrated audit approach which concentrates on high-risk areas, and review of both operational and IT & cyber security controls.
· Risk Assessment, including:
o Assist the IT Audit Director to create and perform entity-level risk assessments, Risk Matrix, and
Control Matrix.
o Understand potential risk in processes and cyber security relating to each business unit.
o Develop the IT & Cybersecurity audit plan and act as a thought-partner for the Global Audit
Director in preparing audit strategy for other technology audit areas to collectively form the
annual, risk-based internal audit plan.
· Planning of the IT audit, including:
o Schedule IT audits and other projects based on risk assessment, business unit needs and other
priorities.
o Design and follow appropriate risk-based audit procedures and work plans to ensure the
objectives of each audit are achieved.
o Lead the planning, scoping and execution of audit and consulting projects, including guiding
the development of new audit work programs in data privacy and cybersecurity.
· Execution of the IT & Cybersecurity audit, including:
o Interact with local IT Management (whether internal and/or co-sourced), Finance team and
Management teams to understand the business.
o Recommend programmatic and technical directions and operate with a high degree of
independence in matters relating to the investigation, impact, and analysis of security
incidents, decisions regarding risk, and measures for compliance.
o Internally assess, evaluate and make recommendations to management regarding the
adequacy of the security controls for the Global Amphenol information and technology
systems.
o Schedule and conduct detailed audits of information technology systems and infrastructures to verify systems are secure and support the related applications or business processes.
o Ensure work paper documentation supports auditing conclusions.
o Audit controls over existing systems and ensuring full compliance with regulatory guidance and internal policies & procedures.
· Analyzing and reporting the results, including:
o Prepare and present final audit reports to local and senior management to discuss areas of risk identified, processes weaknesses, areas of risk, recommendation to mitigate that risk.
o Evaluate related action plans and process improvement opportunities with local management.
o Manage the IT audit findings log to ensure Internal Audit follow-up with management and to ensure management action plans are implemented satisfactorily. Escalate discrepancies directly corporate management to determine the reasonableness and appropriateness of remediation plans.
o Review the status of corrective actions taken to improve deficient conditions as generally recommended.
o Conduct advanced penetration and vulnerability tests on a company's system and identify any breaches or weaknesses in the security setup.
o Plan, implement, manage, monitor and upgrade security measures for the protection of the organization’s data, systems and networks.
o Troubleshooting problems associated with our security and network, including handling any system breaches.