The Associate Director, Global Technology Audit is responsible for leading and developing a team of technology auditors while providing senior‑level oversight, technical judgment, and risk leadership for global technology audit activities. This role ensures that technology, cybersecurity, data, and emerging technology risks are assessed with appropriate depth, consistency, and business relevance. The Associate Director serves as a people manager and technical risk leader within Internal Audit, accountable for the performance, development, and engagement of a team of auditors. The role complements engagement coordination responsibilities performed by audit staff and supports Director‑level governance and stakeholder engagement by providing disciplined challenge, coaching, and escalation on complex or judgment‑intensive technology risk matters. This position plays a critical role in building and sustaining Internal Audit’s technology risk capability, particularly in high‑risk areas such as cybersecurity, cloud platforms, data and analytics, identity and access management, and third‑party technology risk. Responsibilities Lead, manage, and develop a team of approximately seven technology auditors, including setting performance expectations, providing ongoing coaching and feedback, conducting performance reviews, and supporting career development and progression. Provide senior‑level oversight and technical judgment for global technology audit engagements, including cybersecurity, infrastructure, cloud platforms, data and analytics environments, identity and access management, and emerging technologies. Review and challenge technology risk assessments, audit scope, and conclusions to ensure appropriate focus on control design, sustainability, and risk impact, not solely operating effectiveness. Serve as a primary escalation point for complex or judgment‑intensive technology risk issues, supporting Directors in determining appropriate risk ratings, issue framing, and management messaging. Ensure consistency and quality in how technology risks are identified, assessed, and reported across audits, particularly in high‑risk or externally exposed environments. Coach and develop Lead and Senior auditors to strengthen risk‑based thinking, technical judgment, and the ability to articulate technology risk in clear business terms. Contribute to the development, maintenance, and continuous improvement of technology audit methodologies, guidance, and playbooks, with particular focus on cybersecurity and data‑related risk areas. Identify emerging technology and cyber risk trends and advise Internal Audit leadership on implications for audit coverage, skills, and resource needs. Support integration of technology audit activities with financial and compliance audits, as appropriate, to enhance efficiency and risk coverage. Collaborate with Directors to support external audit coordination, co‑sourcing activities, and talent sourcing strategies to ensure the technology audit team maintains the skills required to address evolving risks.
Bachelor’s degree in Information Technology, Computer Science, Engineering, Business, Accounting, or a related field from an accredited four-year college or university. An advanced degree is desirable. 8+ years of relevant experience in technology audit, technology risk management, cybersecurity, cloud architecture, data platforms, or related areas, gained through internal audit, consulting, or industry roles. Demonstrated people‑management experience, including coaching, performance management, and development of professional staff. Strong ability to assess technology and cyber risks using judgment‑based, risk‑focused approaches rather than checklist‑driven testing alone. Solid understanding of technology control design concepts and how technology risks can manifest even when controls are formally in place. Experience across multiple technology domains such as cybersecurity, cloud infrastructure, identity and access management, data platforms, third‑party technology risk, and system development or change processes. Proven ability to communicate complex technology and cyber risks clearly to non‑technical stakeholders, including executive management. Demonstrated capability to mentor and develop auditors beyond execution into risk‑based thinking and technical judgment. Familiarity with relevant frameworks and standards (e.g., COBIT, NIST, ISO, cloud shared responsibility models), with the ability to apply them pragmatically. Professional certifications such as CISA, CISSP, CRISC, or relevant cloud/security certifications are desirable but not required.
Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law: The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this positio