Skip Navigation

open main navigation menu
city landscape


Advanced Search

Search Jobs

Match Your Skills

Search jobs based on your LinkedIn profile.

Match Now

Career Opportunity

Audit Manager - Information Security

Locations: New York, New York Job Function: Internal Audit Employee Status: Regular Job ID: 19029151

Internal Audit (IA) is a global organization of over 1,000 professionals covering Citi's global businesses and service to clients and customers in over 180 countries. Citi's Internal Audit division provides independent assessments of the company's governance, risk management and internal control environment for key stakeholders including the Board of Directors, senior management and Citi’s numerous regulators globally. Internal Audit is a change agent within Citi aimed to enhance the control culture of Citigroup worldwide and thereby support senior management decision making around the globe.

Job Purpose:

This role directs the timely delivery of high quality, value added assurance and audit reports for a portfolio of business activities, which meet the requirements of the Boards of Citigroup and Citibank, their affiliates, and of Citi’s respective regulators, globally.

This role is responsible for the management of risk assessment and audit delivery covering the full spectrum of Information Security (IS), including enterprise governance, systems administration, network defense infrastructure, data protection, authentication services, vulnerability threat management, risk management and cyber incident response and recovery. This encompasses providing objective risk based independent assurance with respect to the design and operating effectiveness of controls associated with IS that support critical business systems and processes across the group.

Key Responsibilities:

  • Serves as a subject matter expert in auditing general and application controls across a variety of technologies and platforms using IS best practices and standards, including the NIST Cybersecurity and Risk Management Frameworks.
  • Assists in the development of a robust IS Audit Plan independently executes in accordance with IA standards, relevant government statutes and regulations, and Citigroup and Citibank policies.
  • Delivers on-time high quality audit reports, Internal Audit and Regulatory issue validation, as well as business monitoring and governance committee reporting.
  • Develops effective senior line management relationships and has a strong understanding of the businesses.
  • Applies an in-depth understanding of the inter-relationships of business and support units throughout the corporation and how they impact the overall control environment and audit approach.
  • Uses excellent communication skills in order to influence a wide range of internal audiences including respective product, function, or regional executive management partners. May negotiate internally often at higher levels on matters which will have a major impact on the area managed.
  • Possesses strong project management and interpersonal skills, makes sound decisions, exhibiting initiative and intuitive thinking, political astuteness, and sensitivity to cultural diversity.
  • Proposes creative and pragmatic solutions for risk and control problems. Partners with Directors and Managing Directors to develop approaches for addressing broader corporate emerging issues.
  • Works collaboratively on assignments within the IS Internal Audit (IA) team and supports other IA teams across Citi’s various business sectors to provide IS audit support.
  • Keeps abreast of emerging IS/cybersecurity risks and evolving standards and regulations and ensures that these are appropriately addressed in Internal Audit’s risk assessment and audit planning processes.


  • BA/BS or equivalent. Related certifications (CPA, CISA, CIA or similar) are a plus. Additional security certifications (CISSP, CISM, CITP, CEH or similar) are desired.
  • Subject matter expertise in auditing general and application controls across a variety of technologies and platforms using IS best practices and standards, including the NIST Cybersecurity and Risk Management Frameworks, and a solid business understanding of technology infrastructure products (experience with associated with the banking and financial business.
  • Knowledge and experience in developing and executing IS risk assessments that align to organizational strategies and business objectives.
  • Works independently with demonstrated experience in managing technology audits and projects according to strict timetables and quality standards.
  • Effective negotiation skills, a proactive and 'no surprises' approach in communicating issues and strength in sustaining independent views.
  • Articulate and effective communicator, both orally and in writing, with an energetic, charismatic and approachable style, well-developed listening skills, and a strong ability to engage a variety of stakeholders, including senior officials, security professionals, regulators, and business executives, on a variety of technical audit matters that is audience-appropriate, risk-based, and actionable.


Grade :All Job Level - All Job FunctionsAll Job Level - All Job Functions - US


Time Type :Full time


Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity CLICK HERE.

To view the "EEO is the Law" poster CLICK HERE. To view the EEO is the Law Supplement CLICK HERE.
To view the EEO Policy Statement CLICK HERE.
To view the Pay Transparency Posting CLICK HERE.