Director - Internal Audit

Director, Internal Audit - Cybersecurity & Technology

Achieving our goals starts with supporting yours. Grow your career, access top-tier health and wellness benefits, build lasting connections with your team and our customers, and travel the world using our extensive route network. Come join us to create what's next. Let's define tomorrow, together.

We believe that inclusion helps us thrive and grow at United across our collaborative Finance teams consisting of Financial Planning & Analysis, Internal Audit, Treasury, Global Procurement, Controllership, Investor Relations and more. These teams provide the financial fuel that keeps our operation running from providing detailed analyses of financial planning, performance, and forecasts to managing our investments and financial strategies. Our Finance team plays an integral role in making our airline profitable and successful by meeting our financial goals.

Job Overview and Responsibilities

The Director, Internal Audit - Cybersecurity & Technology is a leader of the Internal Audit function responsible for United's Digital Technology and Cyber audit programs. The position reports directly to the Chief Audit Executive. This position plays a key leadership role in directing a team of 30+ audit professionals in the development and execution of strategic, compliance, advisory, data analytics, cyber and digital technology audits, and projects. Special emphasis in providing digital technology and cyber audit leadership and performing digital technology and cyber risk assessments and / or special projects over information security, IT infrastructure, processes, governance, and compliance.

Audit Project Management :

• Leads audit projects, as assigned, by the Audit Managing Director and Vice-President, Internal Audit.
• Manage a team of auditors performing both IT / cyber and integrated assurance audits and advisory projects in accordance with the annual internal audit plan.
• Implement IT and cyber audit procedures based on risk and impact to the business, across different applications, technologies, and business processes, and in collaboration with internal and external partners and monitor completion of planned actions.
• Lead pre- and post-implementation audits of new system implementations, expanding cloud footprint, application re-writes, etc.
• Develop and mentor a high-performing audit team with expertise in IT, cybersecurity, risk analytics, and compliance.
• Develop an understanding of the organization business processes, goals, and strategy in order to provide sound analysis and interpretation of IT and cyber risks and Technology challenges.
• Be responsible for the examination and analysis of technology, cyber, and business risks by performing IT and cyber audit work, researching standard methodologies and benchmarking.
• Assess compliance with frameworks such as SOX ITGC, PCI DSS, NIST CSF, and ISO 27001.
• Review and audit governance policies, standards, and procedures for alignment with industry standards.
• Research industry trends applicable to the environment including technology, cyber and audit.
• Monitor evolving cybersecurity threats and regulatory changes to refine audit practices.
• Develop annual IT audit plan of high risk / importance projects based on independent research and knowledge, interactions with Company leadership and peer benchmarking.
• Audit the airline's cyber resiliency program, including disaster recovery and business continuity plans.
• Audit the effectiveness of risk mitigation plans and controls to address threats like ransomware and supply-chain compromises.
• Support departmental transformation with pilots of new audit processes, procedures, and technology.
• Recommend tools and processes that enhance audit efficiency and support operational excellence.
• Proactively coordinate with IT, cyber and business leadership to identify key Company initiatives and changes in the business environment and assess their impact on Company operations and the control environment.
• Act as a department liaison to various cyber, IT and business function multi-functional teams and committees.
• Responsible for ensuring timely audit project execution through use of project planning as well as efficient deployment of resources to projects in order to achieve success and control costs.
• Ensures the timely follow up to management action plans is completed and documents status; raises when necessary.
• Advocates for extensive use of data analytics in the internal audit plan's various projects.
• Ensures the alignment to audit standards by the audit team.
• Reviews audit program developed by senior and staff auditors.
• Communicates with the Managing Director or Director of Internal Audit regularly to provide progress of audit activities.
• Strategize approach to changes in the audit plan, company strategy, or department goals.

Staff Development and Engagement

Directly responsible for the management and development of ~10 or more managers, audit project leads, senior and staff auditors. Develop and retain audit staff, including career growth, training, goal setting and performance evaluations. Train audit staff on audit standards, department procedures, and technical skills required for their position. Recruit and interview audit staff. Manages professional development opportunities, including internal and external training, professional association memberships, and networking events.

Unit Relationship Development and Risk Assessment

Works with the Vice President, Internal Audit, and other Audit Management team members to develop and complete the enterprise-wide risk assessment, ensuring the approach is based on company strategy, customer insights, data analytics, and current industry standard processes. Interacts with client personnel to better understand their business and strategy, demonstrating a commitment to continually improve the organization. Prepare management's annual assessment of the effectiveness of internal controls over financial reporting for senior management review and approval.

Qualifications

What's needed to succeed (Minimum Qualifications) : Bachelor's degree or 4 years of relevant work experience Information Systems, Business, Accounting, Finance, or related field Minimum 10 years' experience in IT Audit,IT Security, IT Compliance, and / or a related field 5 years' experience managing a team CISA or comparable designation Extensive knowledge of and skill in applying internal auditing principles and practices, and management principles and preferred business practices Extensive knowledge of and skill in applying auditing principles and practices specific to IT in areas including access management, change management, system development life cycle, operations Extensive knowledge of and skill in applying data analytics to audit projects Strong working knowledge of Microsoft applications such as Word, Excel, PowerPoint, Visio, Outlook, and Access Working knowledge of COBIT Working knowledge of SQL Extensive knowledge of the International Professional Practices Framework (IPPF) promulgated by the Institute of Internal Auditors Strong problem-solving skills and ability to communicate effectively, both in written form and verbally Effective communication skills. Highly developed, demonstrated teamwork skills. Exceptional interpersonal and leadership skills with a demonstrated ability to gain the confidence To assess risk, the director maintains knowledge of general business and economic developments and fully understands the Company's industry and related control risks. Ability to build consensus and relationships with peers across the organization.

What will help you propel from the pack (Preferred Qualifications) : Direct experience in the transportation field Supervisory experience in the transportation field CISSP, CISM, CPA, CIA, CFE Understand and / or working knowledge of data analytic tools such as SAS, ACL, SQL, Spotfire, Tableau Strong working knowledge of emerging trends which have an impact on data analytics as well as digital technology (cyber security, cloud, mobile, social media, IoT, etc.)

United Airlines is an equal opportunity employer. United Airlines recruits, employs, trains, compensates and promotes regardless of race, religion, color, national origin, gender identity, sexual orientation, physical ability, age, veteran status, and other protected status as required by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions. Please contact JobAccommodations@united.com to request accommodation.

The base pay range for this role is $155,895.00 to $202,960.00. The base salary range / hourly rate listed is dependent on job-related, factors such as experience, education, and skills. This position is also eligible for bonus and / or long-term incentive compensation awards. You may be eligible for the following competitive benefits : medical, dental, vision, life, accident & disability, parental leave, employee assistance program, commuter, paid holidays, paid time off, 401(k) and flight privileges.