We believe that inclusion helps us thrive and grow at United across our collaborative Finance teams consisting of Financial Planning Analysis, Internal Audit, Treasury, Global Procurement, Controllership, Investor Relations and more. These teams provide the financial fuel that keeps our operation running from providing detailed analyses of financial planning, performance, and forecasts to managing our investments and financial strategies. Our Finance team plays an integral role in making our airline profitable and successful by meeting our financial goals.

Job overview and responsibilities

The IT/Cyber Audit Project Lead will be responsible for leading and executing on the DT and Cyber Audit program and supporting the development of a next-generation, global IT audit function. This includes developing a deep understanding of technology and security processes and risks within the airline industry, creating strong partnerships with cross functional leaders, carrying out the cyber audit program and mentoring individuals to deliver on value-add audits and high-quality audit reports. This position reports directly to the Manager of IT/Cyber Audit.

Audit Program and Project Management:Lead and support cybersecurity and technology audits, demonstrating a strong working knowledge of IT and cybersecurity standards/frameworks (for example, NIST, COBIT, ITIL) that impact the organization both in the United States and globally. Key activities include audit scoping (including incorporating technical security testing), planning, stakeholder management, fieldwork execution, reporting and validation of remediated audit findings.Supervise and schedule the work of 1-4 IT and cyber audit staff and/or senior IT and cyber auditors on concurrent projects, under the guidance of the Senior Manager of IT Audit or Manager of IT/Cyber Audit on project deliverablesConduct closing meetings with clients to discuss audit results and management action plans for corrective actions. Communicate progress of audit objectives and testing with clients, audit project team members and/or the IT and cyber Audit management team on a timely basisUtilize data analytics to draw conclusion and ensures that approved audit objectives are met, and that adequate coverage is achievedReview all team written communications such as audit reports, client correspondence, memos and other working papers that document the procedures performed, findings, and conclusionsAssist with special projects, contracted services, and other agreed upon procedures requested of the Internal Audit department. Actively participate in ad-hoc committees and task forces. Strive to add value to the productivity and growth of the department.

Support the development of the technology and cybersecurity program to deliver against strategic program objectives and enhance integrated project delivery. Advance cyber assurance processes and techniques through red team principles, incorporation of security assessment tools, and enhanced technical testing

Staff Development and Engagement
Train audit staff on audit standards, department procedures and technical skills required for their position.Train audit staff on deepening technical auditing capability incorporating red team and blue team offensive and defensive cyber concepts.Coaches and mentors staff to improve audit delivery and leadership capabilities
Business Unit Relationship Development and Risk Assessment:
Influence client management to drive measurable action plans to address control deficiencies.Participate in meetings that develop business unit relationships which work to ensure audits address areas of concern relative to the business’ goals and performance objectives. Interact with client personnel to better understand their business and strategy, demonstrating a commitment to continually improve the organization.Assess risk, maintain knowledge of evolving cyber threats and risk management landscape, general business and economic developments and gain an understanding of the Company’s industry and related control risks

We believe that inclusion helps us thrive and grow at United across our collaborative Finance teams consisting of Financial Planning Analysis, Internal Audit, Treasury, Global Procurement, Controllership, Investor Relations and more. These teams provide the financial fuel that keeps our operation running from providing detailed analyses of financial planning, performance, and forecasts to managing our investments and financial strategies. Our Finance team plays an integral role in making our airline profitable and successful by meeting our financial goals.

Job overview and responsibilities

The IT/Cyber Audit Project Lead will be responsible for leading and executing on the DT and Cyber Audit program and supporting the development of a next-generation, global IT audit function. This includes developing a deep understanding of technology and security processes and risks within the airline industry, creating strong partnerships with cross functional leaders, carrying out the cyber audit program and mentoring individuals to deliver on value-add audits and high-quality audit reports. This position reports directly to the Manager of IT/Cyber Audit.

Audit Program and Project Management:Lead and support cybersecurity and technology audits, demonstrating a strong working knowledge of IT and cybersecurity standards/frameworks (for example, NIST, COBIT, ITIL) that impact the organization both in the United States and globally. Key activities include audit scoping (including incorporating technical security testing), planning, stakeholder management, fieldwork execution, reporting and validation of remediated audit findings.Supervise and schedule the work of 1-4 IT and cyber audit staff and/or senior IT and cyber auditors on concurrent projects, under the guidance of the Senior Manager of IT Audit or Manager of IT/Cyber Audit on project deliverablesConduct closing meetings with clients to discuss audit results and management action plans for corrective actions. Communicate progress of audit objectives and testing with clients, audit project team members and/or the IT and cyber Audit management team on a timely basisUtilize data analytics to draw conclusion and ensures that approved audit objectives are met, and that adequate coverage is achievedReview all team written communications such as audit reports, client correspondence, memos and other working papers that document the procedures performed, findings, and conclusionsAssist with special projects, contracted services, and other agreed upon procedures requested of the Internal Audit department. Actively participate in ad-hoc committees and task forces. Strive to add value to the productivity and growth of the department.

Support the development of the technology and cybersecurity program to deliver against strategic program objectives and enhance integrated project delivery. Advance cyber assurance processes and techniques through red team principles, incorporation of security assessment tools, and enhanced technical testing

Staff Development and Engagement
Train audit staff on audit standards, department procedures and technical skills required for their position.Train audit staff on deepening technical auditing capability incorporating red team and blue team offensive and defensive cyber concepts.Coaches and mentors staff to improve audit delivery and leadership capabilities
Business Unit Relationship Development and Risk Assessment:
Influence client management to drive measurable action plans to address control deficiencies.Participate in meetings that develop business unit relationships which work to ensure audits address areas of concern relative to the business’ goals and performance objectives. Interact with client personnel to better understand their business and strategy, demonstrating a commitment to continually improve the organization.Assess risk, maintain knowledge of evolving cyber threats and risk management landscape, general business and economic developments and gain an understanding of the Company’s industry and related control risks

What’s needed to succeed (Minimum Qualifications):

Bachelors degree in Cybersecurity, Information Systems, computer software engineering, Business, data science/analytics or related fieldCISSP or comparable designationMinimum of 4 years cybersecurity, IT audit, IT and/or a related field1 years of experience with either supervising teams or project managementStrong grasp of basic cybersecurity and technology concepts (infrastructure, applications, cloud architecture and security, engineering etc.)Knowledge of IT and cyber auditing processes/proceduresKnowledge and skill in applying internal auditing principles and practices, management principles and preferred business practicesKnowledge of Cybersecurity and IT frameworks, e.g., NIST 800-53, NIST CSF,COBIT, ISO 27001/2, CIS, OWASP, MITRE ATTCKProven knowledge of and skill in applying data analytics to audit projectsStrong working knowledge of Microsoft applications such as Word, Excel, Visio, Outlook and AccessStrong problem-solving skills and ability to communicate effectively, both in written form and orallyWillingness and ability to travel up to 15%, both domestically and internationallyMust be legally authorized to work in the United States for any employer without sponsorshipSuccessful completion of interview required to meet job qualificationReliable, punctual attendance is an essential function of the position

What will help you propel from the pack (Preferred Qualifications):

OSCP or equivalentData analytics experienceDirect experience in the transportation field

Experience using cybersecurity assessment tools, for example burpsuite, snort, wireshark, password crackers, and other cyber

reconessnence tools

Experience using Microsoft Power BI, Spotfire and Audit BoardAbility to assess complex IT and business processes environments to identify risksExcellent analytical, organizational, problem solving and prioritization skillsAbility to work under time pressure, prioritize a high workload, and meet strict deadlinesPositive attitude and open mindset, not afraid to roll up your sleevesWhat’s needed to succeed (Minimum Qualifications):

Bachelors degree in Cybersecurity, Information Systems, computer software engineering, Business, data science/analytics or related fieldCISSP or comparable designationMinimum of 4 years cybersecurity, IT audit, IT and/or a related field1 years of experience with either supervising teams or project managementStrong grasp of basic cybersecurity and technology concepts (infrastructure, applications, cloud architecture and security, engineering etc.)Knowledge of IT and cyber auditing processes/proceduresKnowledge and skill in applying internal auditing principles and practices, management principles and preferred business practicesKnowledge of Cybersecurity and IT frameworks, e.g., NIST 800-53, NIST CSF,COBIT, ISO 27001/2, CIS, OWASP, MITRE ATTCKProven knowledge of and skill in applying data analytics to audit projectsStrong working knowledge of Microsoft applications such as Word, Excel, Visio, Outlook and AccessStrong problem-solving skills and ability to communicate effectively, both in written form and orallyWillingness and ability to travel up to 15%, both domestically and internationallyMust be legally authorized to work in the United States for any employer without sponsorshipSuccessful completion of interview required to meet job qualificationReliable, punctual attendance is an essential function of the position

What will help you propel from the pack (Preferred Qualifications):

OSCP or equivalentData analytics experienceDirect experience in the transportation field

Experience using cybersecurity assessment tools, for example burpsuite, snort, wireshark, password crackers, and other cyber

reconessnence tools

Experience using Microsoft Power BI, Spotfire and Audit BoardAbility to assess complex IT and business processes environments to identify risksExcellent analytical, organizational, problem solving and prioritization skillsAbility to work under time pressure, prioritize a high workload, and meet strict deadlinesPositive attitude and open mindset, not afraid to roll up your sleeves