IT Internal Audit Manager

Responsible for conducting internal reviews to evaluate the effectiveness and integrity of systems and processes that support the organization's use of technology in business operations. This role focuses on identifying deviations from established cybersecurity policies and standards, assessing risk exposure, and recommending targeted solutions to mitigate vulnerabilities. You will also contribute to strengthening the organization's security posture by delivering actionable insights and ensuring compliance with internal and external regulatory requirements.

•    Plan and conduct cybersecurity audits across infrastructure, applications, networks, and cloud environments.
•    Evaluate internal and external cybersecurity risks and assess the design and operating effectiveness of control
•    Review vulnerability assessments reports and manual reviews of systems not covered by automated scans
•    Exemplifies strong command of IT subject matter, including identification of relevant risk and controls.
•    Ensure alignment with statutory, regulatory, and policy requirements including NYDFS, SOC 2, and internal cybersecurity charters.
•    Review and validate adherence to cybersecurity policies, procedures, and frameworks.
•    Prepare detailed audit reports summarizing findings, exceptions to policy, and recommendations for remediation. 
•    Engages in ad hoc projects assigned by supervisor, which may include system migrations and implementations, reviews of systems and controls for international and/or domestic acquisitions, and review of compliance to new regulations.
•    Work closely with InfoSec teams to guide remediation efforts and advocate for cybersecurity investments.
•    Articulates the results of engagement work verbally and/or in writing to audit clients including senior leadership team.
•    Conduct follow-up audits to verify implementation of corrective actions.
•    Monitor emerging threats and regulatory changes to update audit scope and methodology accordingly.
•    Upholds the Crawford Code of Business Conduct and Ethics.

•    Bachelor’s degree in information systems, Cybersecurity, or related field.
•    Advanced degree in Information Systems related field is a plus. 
•    Minimum 3 years of experience in IT audit or cybersecurity assessment
•    Professional certifications such as CISA, CISSP, CEH or CIA preferred.

•    Strong knowledge of Cyber Security Frameworks like NIST, CIS Benchmarks, ISO2700X-series.
•    Strong knowledge of IIA’s International Standards for the Professional Practice of Internal Auditing, Topical Requirements and GTAG, and ISACA’s Information Systems Audit Framework.
•    Ability to translate technical findings into business-relevant insights.
•    Excellent written and verbal communication skills.
•    Strong interpersonal skills to collaborate across departments and influence change.
•    3 years of cybersecurity audit experience or audits in areas such as, but not limited to Cloud Computing, IT Project Governance, BCP/DR, Vulnerability Management, Penetration Testing, AI, RPA, Data Governance, Endpoint Security, and Systems Migration.