Job Description Summary

Reporting to the Director, Cybersecurity , GE Vernova, the Manager, Cyber Security Assurance will play a significant role elevating the function’s cybersecurity audit capability through enhancing and modernizing cyber security assurance core capabilities and conducting technical and cybersecurity Internal Audit engagements through inquiry, data analysis, and in-depth technical testing, with focus on enterprise-wide core technology and cyber security programs.
US Work Authorization is required. We will not sponsor work visas now or in the future for this role.

Job Description

Job Description

GE is in the midst of a significant and public transformation of its portfolio, leadership, operations and culture. One of the top priorities within this transformation is the Internal Audit function. GE is currently evolving the function, focusing more on the development of deep, data-driven, modern audit expertise and experience to serve as a true business partner for the audit committee and executive leaders, while still maintaining its commitment to talent development, both within and outside the function.

A key dimension of this role will be:

• Collaborating as a trusted advisor with audit team members and technology and cybersecurity stakeholders across the business in the evaluation and understanding of the GE Vernova security posture.
• Managing 3rd line of defense cybersecurity initiatives related to cyber readiness, compliance, and risk management.
• Ensuring Subject-Matter Expert consistency and oversight across all Technology audits, and working to establish the proper level of technical coverage and depth.
• Managing the development and implementation of technical testing playbooks, tools, methodologies, and standards into the audit process. 

Key Responsibilities

• Assisting with the design and management of  the GE Vernova Internal Audit cyber security risk exposure program based on the outcome of annual audits in partnership and coordination with technology and cyber teams.
• Liaises  with Vernova Enterprise Risk Management to continually track and monitor entity level cyber risk and assists in defining and tracking standard IA Cyber KPI's across entities.
• Translates technical risks to cross-functional teams to assist the broader organization in understanding and addressing cyber risks.
• Manage a portfolio of assigned audits and related activities, including staffing, scheduling, and coordination with stakeholders to ensure the timely completion of the plan.
• Develop audit programs and testing procedures relevant to risk and test objectives.
• Deliver audits in highly technical areas of current/emerging technologies including cloud, security, distributed computing, IoT, Zero Trust Networks, High Value Asset Protection.
• Scope and deliver risk-based audits and advisories, including communicating findings with clients in a clear and timely manner; writing audit reports that are meaningful and comprehensive (yet easy to understand); working with management to develop action plans to remediate findings and address areas for improvement; and track corrective actions through to completion.
• Stay abreast of new and emerging regulations & trends that impacts information technology controls and rapidly adjust audit plan or procedures accordingly.
• Assists IA leadership in partnering with key enterprise leaders to draw awareness to technology audit themes/root causes and will collaborate to establish risk informed control-based roadmaps for systemic change.
• Partners with the Data Analytics team to identify and maintain cyber data sources needed for technical testing automation and partners to maintain centralized dashboard for tech audit teams to assist with engagement testing efficiency and effectiveness.
• Conducts SME research of relevant industry changes and threats to assist technology audit teams in the appropriate planning and scoping of audits.
• Embed attack surface management within the planning of all audits and advisories and appropriately informs scoping.
• Manage the development and issuance of technical audit report supplements to provide a prescriptive and detailed view into audit related technology gaps and risks.
• Will manage and oversee the modernization of technical assessment tools and techniques used across technical audits.
• Maintain a continuous improvement mindset in the audit function, including identifying and integrating best practices; Identify specific actions to improve the efficiency and effectiveness of Internal Audits.
• Foster an equitable and inclusive environment where people can bring their full selves to work and unlock their greatest potential and contributions to the team.
• Support the development and retention of a high performing Internal Audit team. Mentor, coach and teach, as needed, including supporting the development of people for career opportunities and advancements within the company.
• Assist with the maintenance of technology/cyber training   program and materials development for IA Technology Auditors and SMEs.

Professional Experience/Success Profile

• Bachelor's Degree in Computer Science or in "STEM" Majors (Science, Technology, Engineering and Math) or Business Administration with a minor in Computer Information Technology is preferred.
• Minimum of 5 years of professional experience in IT Governance, IT Risk, IT Audit, IT Operations or related fields, preferably with a Fortune 1000 companies or Big 4 assurance organization.
• CISM, CISA, CISSP, CRISC, CEH designation or other relevant certification is desirable.
• Experience with regulatory and external requirements as they relate to IT, privacy and cybersecurity for regulations such as DFARS, CMMC, FISMA, , GDPR, NERC-CIP and SOX 404 is strongly preferred.
• Experience using industry standards/framework, such as NIST Cybersecurity, 800-53, NIST 800-171 Frameworks, NIST Privacy Framework, CSA CCM, ISO 27001, ITIL v3, COBIT and FAIR is desirable.
• Knowledge of IT Operational Functions including IAM, Asset Management, Cybersecurity, Data Privacy.
• Experience in identification and remediation of security threats and risks
• Experience in security risk assessment of server, endpoint, network, cloud and mobile OS platforms
• Familiar with enterprise infrastructure designs and concepts including Authentication, Logging, Interconnectivity, Internet and application proxy, cloud computing, hosting, application code security, Virtual computing, Database administration, Data storage, Data backup, Encryption, Middleware, Firewall policy, Network segmentation etc.
• Proven ability to handle scale, change agenda, pace and overall complexity.
• Work alongside business stakeholders, positioning internal audit as a strategic partner, identifying and helping mitigate risk.
• Strong business acumen: ability to build strong relationships and trust with company stakeholders and business process owners.
• Modern Audit/ Data-Driven Approach-- leveraging technology and using data to drive insights and actions.
• Lean Process orientation: Passion to help improve operations continuously.
• Strong quantitative and qualitative analysis skills; ability to take large volumes of complex information and present it in a clear and concise manner; uses data and a cogent problem-solving methodology in decision making and impact assessment.
• Capability to work with a team in a fast-paced environment to meet strict deadlines while managing multiple priorities.
• Steps forward to address difficult issues and guide others toward the accomplishment of identified, meaningful goals.
• Initiates, supports and manages change within the organization, taking steps to remove barriers or to accelerate its pace.
• Ability to quickly assimilate relevant information in unfamiliar situations.
• Ability to synthesize and communicate complex technology topics to all levels of the organization.
• Excellent listening, verbal, written and presentation communication skills.

Additional Information

#LI-Remote - This is a remote position