It/Is Internal Audit, Sr. Dir.

Job Description:
Purpose:
The IT/IS Senior Director will conduct reviews of complex Bank Information Technology (IT), and Information Security (IS) activities under the direction of the Managing Director of Internal Audit (IA). Manage the annual planning process, supervise the audit team (including co-sourcing) and prepare and issue audit reports to senior management. Establish relationships with IT/IS management and communicate with them regularly regarding emerging risks, process changes, audit results, and significant control matters. Manage and maintain IA tools, and methodology in accordance with Bank policies. This role includes spearheading projects, managing departmental deadlines to ensure timely completion, and striving to continuously add value to the overall IA process. Plan and execute audit methodologies to meet the Bank's complex and evolving IT/IS environment.
Major Accountabilities:
The IT/IS Senior Director IA will report to Managing Director of IA and will be responsible for leading a team that conducts reviews of Bank IT and IS activities. This includes:

• Collaborate with IT/IS management and compliance to provide audit results and ensure compliance with company/regulatory policies and procedures and best practices.
• Serve as the auditor-in-charge and manage audits related to IT/IS ensuring compliance with IA and industry (including IIA) standards.
• Partner with the Managing Director of IA, to propose and implement a plan for the audit coverage of the Bank's IT/IS risks, including use of IA in-house and co-source resources.
• Maintain an in-depth understanding of the IT/IS business processes and the underlying technologies of the Bank's security and network infrastructure.
• Maintain an in-depth understanding of the Bank's data and systems.
• Lead efforts to identify opportunities for the usage of Data Analytics in the audit process through data collection, and analysis.
• Drive further implementation and adoption of the newly adopted Global Risk and Compliance (GRC) tool for IA audits, and other IA processes.
• Manage and maintain internal department Manual, Procedures/Standards, and tools, including the GRC in accordance with Bank policies.
• Provide leadership and direction to the IT/IS audit team as well as co-source resources.
• Provide IA team members with professional and technical expertise related to IT/IS audits on assessing/evaluating the effectiveness of risk management and governance processes, and through the incorporation of Data Analytics, as appropriate.
• Promote new ideas and news ways of designing and executing IT/IS audits through technology and Data Analytics.
• Recruit, hire, develop, and evaluate the IT/IS audit team, under the direction of the Managing Director of Internal Audit.
• Support integrated audits that cover financial, operational, and business areas of focus with professional and technical expertise related to IT, IS, and Data Analytics, as appropriate.
• Execute or supervise the team with conducting interviews and walkthroughs; identifying key risks and controls; drafting flowcharts and/or narratives, gathering evidence and performing testing; preparing and reviewing audit work papers that comply with IIA standards for content and quality; discussing and clearly communicating findings, observations, and related risks with auditees throughout the process.
• Lead assessments of new products, systems, and technologies and provide technical expertise related to IT, IS, and Data Analytics, as appropriate.
• Review Audit Committee materials to ensure completeness and accuracy for IT/IS and Data Analytics areas of focus.
• Lead Quality Assessment Reviews (QARs) of audit activities
• Support the annual regulatory examination by attending and participating in meetings and preparing and reviewing requested information.
• Drive improvement efforts in efficiency and productivity of the audit process.
• Draft written Internal Audit reports that clearly articulate the scope, objectives, issues, risk, impact, root cause, and practical, value-added recommendations for remediation.
• Conduct timely regulatory and Internal Audit issue validation, including significant issues arising from management, risk management or outside consultants.

Skills/Knowledge:

• Core Competencies:
  • Customer focus, Decision quality, ensures accountability, drives results, collaborates, values differences, communicates effectively, instills trust, develops talent, strategic mindset, drives vision and purpose, drives engagement, builds effective teams.
• Bachelor's degree in computer science, information systems, business administration, a related field or the equivalent work experience and a Certified Information Systems Auditor (CISA), is required.
• Minimum of eight years audit experience of progressively responsible experience in IT/IS audit, is required. Experience within a highly regulated environment, is strongly preferred.
• Experience in a leadership role
• Knowledge of IT Frameworks: COBIT, COSO, NIST-800-53, ISO 27001, ISO 22301 and GAPPI.
• Ability to quickly acquire and apply knowledge of changing technologies.
• Sound understanding of audit process/methodology and risk management.
• Experienced in using a risk-based audit approach in evaluations of and recommendations for management processes.
• Proven ability to influence change and effectively lead projects, collect/analyze data and develop/communicate recommendations.
• Excellent analytical, verbal, and written communication, exceptional interpersonal, and relationship building skills.
• Strong negotiation and influencing skills.
• Strong analytical, issue identification, prioritization, resolution, and report writing skills and experience.
• Proactive and must be able to meet established deadlines.
• Able to manage multiple concurrent projects.
• Proven ability to provide leadership and develop self.
• Able to operate PC-based software and/or automated database systems required.
• Demonstrated experience using Microsoft products and GRC tool experience desired.
• Bachelor's degree in economics, statistics, data science, math, may be considered.
• The following are a plus: Knowledge of systems analysis, computer languages, computer program security, computer operations, database structure, networking, computer security concepts, Microsoft Infrastructure, such as SQL and SQL Server and/or ServiceNow is a plus. Working knowledge of analytical tools and software, such as R Studio, SAS, Tableau, PowerBI, Python, and/or ACL a plus.

SALARY RANGE: $215K - $230K
The Federal Home Loan Bank of San Francisco is an Equal Employment Opportunity employer and is committed to a diverse workforce. We value and actively seek to recruit, develop, and retain individuals with varied backgrounds and experiences reflecting the full diversity of the communities that we serve. It is the policy of the Bank to comply with all applicable laws concerning the employment of persons with disabilities.
Salary ranges reflect the base salary that the Bank reasonably expects to pay for a given role and is not inclusive of annual incentive award opportunities, retirement benefits or the value of other health and welfare or other ancillary benefits. We consider many factors when determining base salaries such as individual background and experience, the competitive environment, education, particular skill set(s), and industry and institutional knowledge.
The Bank is committed to offering all team members challenging and engaging work with market competitive pay, retirement, and benefit offerings. In support of this commitment, the Bank routinely engages in market competitive benchmarking surveys and analysis to ensure our team members continue to be paid fairly and competitively.