We believe that inclusion helps us thrive and grow at United across our collaborative Finance teams consisting of Financial Planning & Analysis, Internal Audit, Treasury, Global Procurement, Controllership, Investor Relations and more. These teams provide the financial fuel that keeps our operation running from providing detailed analyses of financial planning, performance, and forecasts to managing our investments and financial strategies. Our Finance team plays an integral role in making our airline profitable and successful by meeting our financial goals.

Job overview and responsibilities

The IT/Cyber Audit Project Lead will be responsible for leading and executing on the DT and Cyber Audit program and supporting the development of a next-generation, global IT audit function. This includes developing a deep understanding of technology and security processes and risks within the airline industry, creating strong partnerships with cross functional leaders, carrying out the cyber audit program and mentoring individuals to deliver on value-add audits and high-quality audit reports. This position reports directly to the Manager of IT/Cyber Audit.

• Audit Program and Project Management:
  • Lead and support cybersecurity and technology audits, demonstrating a strong working knowledge of IT and cybersecurity standards/frameworks (for example, NIST, COBIT, ITIL) that impact the organization both in the United States and globally. Key activities include audit scoping (including incorporating technical security testing), planning, stakeholder management, fieldwork execution, reporting and validation of remediated audit findings.
  • Supervise and schedule the work of 1-4 IT and cyber audit staff and/or senior IT and cyber auditors on concurrent projects, under the guidance of the Senior Manager of IT Audit or Manager of IT/Cyber Audit on project deliverables
  • Conduct closing meetings with clients to discuss audit results and management action plans for corrective actions. Communicate progress of audit objectives and testing with clients, audit project team members and/or the IT and cyber Audit management team on a timely basis
  • Utilize data analytics to draw conclusion and ensures that approved audit objectives are met, and that adequate coverage is achieved
  • Review all team written communications such as audit reports, client correspondence, memos and other working papers that document the procedures performed, findings, and conclusions
  • Assist with special projects, contracted services, and other agreed upon procedures requested of the Internal Audit department. Actively participate in ad-hoc committees and task forces. Strive to add value to the productivity and growth of the department.

  • Support the development of the technology and cybersecurity program to deliver against strategic program objectives and enhance integrated project delivery. Advance cyber assurance processes and techniques through red team principles, incorporation of security assessment tools, and enhanced technical testing

• Staff Development and Engagement
  
  • Train audit staff on audit standards, department procedures and technical skills required for their position.
  • Train audit staff on deepening technical auditing capability incorporating red team and blue team offensive and defensive cyber concepts.
  • Coaches and mentors staff to improve audit delivery and leadership capabilities
    
• Business Unit Relationship Development and Risk Assessment:
  
  • Influence client management to drive measurable action plans to address control deficiencies.
  • Participate in meetings that develop business unit relationships which work to ensure audits address areas of concern relative to the business’ goals and performance objectives. Interact with client personnel to better understand their business and strategy, demonstrating a commitment to continually improve the organization.
  • Assess risk, maintain knowledge of evolving cyber threats and risk management landscape, general business and economic developments and gain an understanding of the Company’s industry and related control risks

• Bachelors degree in Cybersecurity, Information Systems, computer software engineering, Business, data science/analytics or related field
• CISSP or comparable designation
• Minimum of 4 years cybersecurity, IT audit, IT and/or a related field
• 1+ years of experience with either supervising teams or project management
• Strong grasp of basic cybersecurity and technology concepts (infrastructure, applications, cloud architecture and security, engineering etc.)
• Knowledge of IT and cyber auditing processes/procedures
• Knowledge and skill in applying internal auditing principles and practices, management principles and preferred business practices
• Knowledge of Cybersecurity and IT frameworks, e.g., NIST 800-53, NIST CSF,COBIT, ISO 27001/2, CIS, OWASP, MITRE ATT&CK
• Proven knowledge of and skill in applying data analytics to audit projects
• Strong working knowledge of Microsoft applications such as Word, Excel, Visio, Outlook and Access
• Strong problem-solving skills and ability to communicate effectively, both in written form and orally
• Willingness and ability to travel up to 15, both domestically and internationally
• Must be legally authorized to work in the United States for any employer without sponsorship
• Successful completion of interview required to meet job qualification
• Reliable, punctual attendance is an essential function of the position

• OSCP or equivalent
• Data analytics experience
• Direct experience in the transportation field

• Experience using cybersecurity assessment tools, for example burpsuite, snort, wireshark, password crackers, and other cyber

  reconessnence tools

• Experience using Microsoft Power BI, Spotfire and Audit Board
• Ability to assess complex IT and business processes environments to identify risks
• Excellent analytical, organizational, problem solving and prioritization skills
• Ability to work under time pressure, prioritize a high workload, and meet strict deadlines
• Positive attitude and open mindset, not afraid to roll up your sleeves