Job Description

As a Technology Audit Manager on the Issue Validation Internal Audit Team, you will lead end-to-end validations of technology issues to assess whether remediation is complete, sustainable, and materially reduces residual risk. This role executes validations that function as “mini-audits,” including validation planning, risk-based testing, evidence evaluation, and clear reporting of conclusions on control design and operating effectiveness. You will perform critical validation work personally while also directing and reviewing the day-to-day testing and documentation completed by Associates and Analysts, ensuring a consistently high standard of quality and re-performable documentation.

In this role, you will apply strong independent judgment and provide thoughtful, independent challenge while partnering effectively with technology stakeholders. You will also help plan and manage a forward-looking validation pipeline in coordination with Issue Validation Directors and the Global Technology Audit COO. Additionally, you will contribute to the continued adoption of AI-enabled tools and data analytics to enhance quality, efficiency, and risk coverage, while ensuring alignment with firm standards and data handling requirements.

Job Responsibilities

• Lead technology issue validations end-to-end, including scope definition, test strategy, execution, documentation, and reporting of final validation conclusions.
• Assess whether remediation demonstrates effective and sustainable control performance by testing both control design and operating effectiveness, and by evaluating evidence sufficiency to support a conclusion on residual risk.
• Review Associate/Analyst workpapers to ensure accuracy, completeness, and re-performability, and that the overall work product meets Internal Audit standards.
• Coach and develop Associates/Analysts through hands-on guidance, structured feedback, and knowledge sharing to foster testing discipline, professional skepticism, and written communication.
• Drive timely resolution of open items by proactively engaging stakeholders on evidence gaps, remediation scope, sustainability concerns, and control intent; escalate disagreements through appropriate governance when required.
• Draft and deliver clear, concise validation documentation and reporting packages that articulate testing performed, results, exceptions, and final conclusions in a manner suitable for oversight and re-performance.
• Partner with technology and business stakeholders to understand remediation actions and implementation details while maintaining independence and providing credible challenge to ensure outcomes align to risk and control objectives.
• Manage multiple concurrent validations by prioritizing work across assignments, tracking milestones, and ensuring delivery against committed timelines without compromising quality.
• Contribute to validation portfolio planning and forecasting with the Issue Validation Director and Global Technology Audit COO, including intake assessment, sequencing, and capacity planning.
• Apply AI-enabled tools and data analytics to improve test coverage, evidence quality, and documentation consistency, while adhering to firm policies on model use, data handling, confidentiality, and audit standards.

Required Qualifications, Capabilities and Skills

• Demonstrated experience leading end-to-end technology audit or validation work (planning, testing, documentation, and reporting) with accountability for final conclusions and workpaper quality.
• Demonstrated experience assessing and validating remediation of technology controls across cloud and infrastructure, identity and access management, application delivery, software development lifecycle, etc.
• Proven ability to lead and oversee junior team members, including assigning work, providing direction, reviewing workpapers, and ensuring consistent execution across work performed by Associates/Analysts.
• Strong risk and control judgment, including the ability to evaluate evidence and determine whether remediation is sustainable and reduces residual risk to an acceptable level.
• Strong stakeholder management skills, including the ability to influence outcomes, manage difficult conversations, and provide independent challenge while maintaining constructive partnerships.
• Excellent written and verbal communication skills, including the ability to produce clear documentation that is re-performable and aligns to firm standards.

• Strong execution discipline, including the ability to manage multiple concurrent deliverables, meet deadlines while maintaining quality.

Preferred Qualifications, Capabilities and Skills

• Knowledge of technology risk coverage across domains such as cyber security, infrastructure/operating systems, network security, data management, platform engineering, third-party technology risk, and endpoint controls.
• Demonstrated experience testing cloud controls, including governance/guardrails, configuration assurance, logging and monitoring, vulnerability/patch management, key management, and resilience patterns.
• Demonstrated experience testing Identity and Access Management (IAM) controls, including joiner/mover/leaver, privileged access, authentication/authorization, access provisioning, periodic access recertification, and segregation of duties.
• Demonstrated experience testing application and SDLC controls, including change management, CI/CD governance, code promotion controls, secure SDLC practices, configuration management, production access, and application logging/monitoring.
• Experience applying AI-assisted capabilities in a controlled environment to enhance audit planning, testing consistency, and documentation quality and/or experience with advanced analytics techniques and tooling used in audit/testing contexts to improve testing efficiency and risk coverage.
• Relevant professional certifications (for example, CISA, CISSP, or equivalent), or demonstrated commitment to continuous learning in technology risk and controls.
• Experience operating within large, complex financial institutions and navigating governance, regulatory expectations, and multi-stakeholder delivery environments.