Senior IT Audit Manager, Cybersecurity & Technology
About the role
Grade Level (for internal use): 11

The Team: The S&P Global Internal Audit function reports to the Audit Committee and the President and CEO. Join our dynamic Internal Audit Team as a Senior IT Audit Manager, focusing on IT audits and cyber security. You'll lead technology audits across the Chief Technology and Transformation Office (divisional IT infrastructure, applications, cloud systems, cyber security, identity and access management) and provide independent assessments for the company. In this critical role, you will be responsible for the execution of technology audits, managing key stakeholder relationships, and driving high-impact strategic transformation initiatives across the organization.

The Impact: The Senior IT Audit Manager role will lead and oversee technology-focused audits across the Chief Technology and Transformation Office (CTTO), ensuring compliance with internal policies and regulations. Your expertise will enhance the Internal Audit value proposition by harnessing technologies and tools to improve audit quality and audit coverage for cutting-edge technologies like Identity and Access Management (IAM) tools, Generative A.I., Large Language Models, and strategic transformation initiatives. Success in this role requires solid experience implementing identity and access management tools and processes across various environments. The role reports directly to the Senior Director, Enterprise Technology Audit and will be responsible for audit planning and execution.

Partner with technology stakeholders to identify and assess identity-related vulnerabilities and control gaps through grey box testing.
IAM architecture experience, including MFA and tools such as SailPoint and CyberArk.
Act as a subject matter expert in IAM security testing, providing deep insights into exploitation techniques across IAM solutions.
Assess the effectiveness of Identity Governance & Administration controls (provisioning, RBAC, access certifications) through control testing, abuse-case simulation, and privilege escalation scenarios.
Conduct risk-based vulnerability assessments focused on identity attack vectors, including credential compromise, privilege misuse, and lateral movement.
Drive and assess adoption of Secure-by-Design principles, validating implementation through security testing across the SDLC and pre-production environments.
Lead testing and validation of advanced IAM capabilities such as MFA bypass scenarios, SSO misconfigurations, and Privileged Access Management (PAM) weaknesses.
Continuously monitor and emulate emerging IAM threat techniques, attack vectors, and adversary tactics, integrating them into test scenarios and audit coverage.
Collaborate with other technology auditors to develop and execute audit programs to support coverage for established, emerging, and frontier technologies and related applications/workflows (IAM, Cybersecurity, and AI/GenAI).