Job Description

The Senior Audit Manager supports the Deputy Chief Audit Officer (DCAO) in planning, supervising, and executing the Internal Audit plan, with a primary focus on Information Technology and Information Security risks. The role serves as a subject matter expert in technology and cyber risk while also providing audit coverage across other critical areas of Amalgamated Bank, including Commercial Banking, Risk Management, and Operations. This position is responsible for leading complex, risk-based audits; assessing governance, risk management, and control effectiveness; and ensuring audit activities align with professional standards, regulatory expectations, and industry best practices.

SPECIFIC RESPONSIBILITIES:

• Lead and supervise internal audits and targeted reviews with a primary emphasis on Information Technology, Information Security, cybersecurity, technology governance, third-party risk management, data protection, and system development life cycle controls.
• Serve as the Internal Audit subject matter expert for IT and Information Security, including identifying emerging technology and cyber risks relevant to the Bank.
• Plan and execute audits across multiple business lines, including IT, Commercial Banking, Risk Management, and Bank Operations, ensuring appropriate integration of technology risks into all audits.
• Develop audit scopes, perform risk assessments, oversee testing, validate issues, and ensure appropriate coverage of IT-dependent controls.
• Identify control deficiencies, assess root causes and impact, and recommend practical, risk-based remediation strategies.
• Review and approve audit workpapers to ensure accuracy, completeness, and adherence to Internal Audit standards.
• Prepare, review, and edit audit reports to clearly communicate technology, information security, and business risks from a senior management and Audit Committee perspective.
• Evaluate management action plans and monitor the remediation of IT, information security, and business audit issues.
• Coordinate audit activities with internal stakeholders, regulators, and external or co-source auditors, particularly for targeted technology and cybersecurity reviews.
• Support enterprise risk assessment, SOX, and regulatory examination activities where technology or data risks are present.
• Provide coaching, technical guidance, and performance feedback to audit staff and managers.
• Stay current on regulatory guidance, industry standards, and emerging risks related to IT and information security, including FFIEC, NIST, and cybersecurity frameworks.
• Assist the DCAO with departmental initiatives, strategic projects, and regulatory or Board-level requests as assigned.

Knowledge, Skills and Experience Requirements:

• Bachelor’s degree in Accounting, Finance, Information Systems, Computer Science, or a related field.
• Minimum of 8–10 years of progressive internal audit, IT audit, information security, or risk management experience within a regulated financial services environment.
• Professional certification such as CISA strongly preferred; CIA or CPA a plus.
• Demonstrated experience leading complex IT and information security audits and supervising audit staff.
• Strong understanding of IT general controls, cybersecurity, cloud environments, data governance, third-party risk, and SDLC controls.
• Working knowledge of banking regulations and technology-related regulatory expectations (e.g., FFIEC, OCC, FDIC guidance).
• Understanding of COSO internal control framework and its application to technology-enabled processes.
• Experience using audit management systems, data analytics, or automated auditing techniques.
• Excellent analytical, organizational, and project management skills.
• Strong written and verbal communication skills, with the ability to translate complex technical issues for senior management and the Audit Committee.

Our job titles may span more than one career level. The starting base salary for this role is between $150,000.00 – $180,000.00. The actual base pay is dependent upon many factors, such as: training, transferrable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future.

Amalgamated Bank is anEqual Opportunity and Affirmative Action Employer, Minorities / Females / Individuals with Disability / Veterans AmeriCorps, Peace Corps and other national service alumni are encouraged to apply. View ourPay Transparency Statement Submission of a resume or any information regarding your qualifications does not constitute a promise or offer of employment. At Amalgamated Bank, we consider an applicant to be someone who has interviewed at least once, in person, with the hiring manager. Amalgamated Bank does not sponsor applicants for work visas.

Hybrid Work Model
Effective February 18, 2025, employees in office-based positions will be working a Hybrid work schedule consisting of three days or more, on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence. This Hybrid work model does not apply to, and daily in-person attendance is required for, the contact center, branch service roles, and general services where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance does not apply to roles that have been designated as “remote”.
Search Firm Representatives- Please Read Carefully
Amalgamated Bank does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for the position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.