Project Lead - Cyber Audit
Description:
There’s never been a more exciting time to join United Airlines. We’re on a path towards becoming the best airline in the history of aviation. Our shared purpose – Connecting People, Uniting the World – is about more than getting people from one place to another. It also means that as a global company that operates in hundreds of locations around the world with millions of customers and tens of thousands of employees, we have a unique responsibility to uplift and provide opportunities in the places where we work, live and fly, and we can only do that with a truly diverse and inclusive workforce. And we’re growing – in the years ahead, we’ll hire tens of thousands of people across every area of the airline. Our careers include a competitive benefits package aimed at keeping you happy, healthy and well-traveled. From employee-run "Business Resource Group" communities to world-class benefits like parental leave, 401k and privileges like space available travel, United is truly a one-of-a-kind place to work. Are you ready to travel the world?
We believe that inclusion helps us thrive and grow at United across our collaborative Finance teams consisting of Financial Planning & Analysis, Internal Audit, Treasury, Global Procurement, Controllership, Investor Relations and more. These teams provide the financial fuel that keeps our operation running from providing detailed analyses of financial planning, performance, and forecasts to managing our investments and financial strategies. Our Finance team plays an integral role in making our airline profitable and successful by meeting our financial goals.
Key Responsibilities:
The Cyber Audit Project Lead will be responsible for leading and completing the DT and Cyber Audit program and supporting the development of a next-generation, global IT audit function. This includes developing a deep understanding of technology and security processes and risks within the airline industry, crafting positive relationships with cross-functional leaders, carrying out the cyber audit program, and mentoring individuals to deliver value audits and high-quality audit reports. This position reports directly to the Senior Manager of IT/Cyber Audit.
Audit Program and Project Management
Lead and support cybersecurity and technology audits, demonstrating a strong solid understanding of IT and cybersecurity standards/frameworks (for example, NIST, COBIT, ITIL) that impact the organization both in the United States and globally
Key activities include audit scoping (including incorporating technical security testing), planning, partner management, fieldwork execution, reporting and validation of remediated audit findings
Supervise and schedule the work of 1-4 IT and cyber audit staff and/or senior IT and cyber auditors on concurrent projects, under the guidance of the Senior Manager of IT Audit or Manager of IT/Cyber Audit on project results
Conduct closing meetings with clients to discuss audit results and management action plans for corrective actions
Communicate progress of audit objectives and testing with clients, audit project team members and/or the IT and cyber Audit management team on a timely basis
Use data analytics to draw conclusion and ensures that approved audit objectives are met, and that adequate coverage is achieved
Review all team written communications such as audit reports, client correspondence, memos and other working papers that document the procedures performed, findings, and conclusions
Assist with special projects, contracted services, and other agreed upon procedures requested of the Internal Audit department
Actively participate in ad-hoc committees and task forces
Strive to add value to the productivity and growth of the department
Support the development of the technology and cybersecurity program to deliver against strategic program objectives and enhance integrated project delivery
Advance cyber assurance processes and techniques through red team principles, incorporation of security assessment tools, and enhanced technical testing
Staff Development and Engagement
Train audit staff on audit standards, department procedures and technical skills required for their position
Train audit staff on deepening technical auditing capability incorporating red team and blue team offensive and defensive cyber concepts
Coaches and mentors staff to improve audit delivery and leadership capabilities
Business Unit Relationship Development and Risk Assessment
Influence client management to drive measurable action plans to address control deficiencies
Participate in meetings that develop business unit relationships which work to ensure audits address areas of concern relative to the business’ goals and performance objectives
Interact with client personnel to better understand their business and strategy, demonstrating a commitment to continually improve the organization
Assess risk, maintain knowledge of evolving cyber threats and risk management landscape, general business and economic developments and gain an understanding of the Company’s industry and related control risks
United values diverse experiences, perspectives, and we encourage everyone who meets the minimum qualifications to apply. While having the “desired” qualifications make for a stronger candidate, we encourage applicants who may not feel they check ALL of those boxes! We are always looking for individuals who will bring something new to the table.
What’s needed to succeed (Minimum Qualifications):
Bachelor's degree in Cybersecurity, Information Systems, computer software engineering, Business, data science/analytics or related field
CISSP or comparable designation
Minimum of 4 years cybersecurity, IT audit, IT and/or a related field inclusive of at least 1 year of experience with either supervising teams or project management
Strong grasp of basic cybersecurity and technology concepts (infrastructure, applications, cloud architecture and security, engineering etc.)
Knowledge of IT and cyber auditing processes/procedures
Knowledge and skill in applying internal auditing principles and practices, management principles and preferred business practices
Knowledge of Cybersecurity and IT frameworks, e.g., NIST 800-53, NIST CSF,COBIT, ISO 27001/2, CIS, OWASP, MITRE ATT&CK
Proven knowledge of and skill in applying data analytics to audit projects
Strong proven understanding of Microsoft applications such as Word, Excel, Visio, Outlook and Access
Strong problem-solving skills and ability to communicate effectively, both in written form and orally
Willingness and ability to travel up to 15%, both domestically and internationally
Must be legally authorized to work in the United States for any employer without sponsorship
Successful completion of interview required to meet job qualification
Reliable, punctual attendance is a crucial function of the position
What will help you propel from the pack (Preferred Qualifications):
OSCP or equivalent
Data analytics experience
Direct experience in the transportation field
Experience using cybersecurity assessment tools, for example burpsuite, snort, wireshark, password crackers, and other cyber reconessnence tools
Experience using Microsoft Power BI, Spotfire and AuditBoard
Ability to assess sophisticated IT and business processes environments to identify risks
Excellent analytical, organizational, problem-solving and prioritization skills
Ability to work under time pressure, prioritize a high workload, and meet deadlines
Positive demeanor and open approach, not afraid to roll up your sleeves
United Airlines is an equal opportunity employer. United Airlines recruits, employs, trains, compensates and promotes regardless of race, religion, color, national origin, gender identity, sexual orientation, physical ability, age, veteran status and other protected status as required by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions. Please contact to request accommodation.
Schedule: Full-time