The Business Advisory Services Information Technology SAR & GRC Risk and Controls Senior Associate is responsible for delivering a full range of services to clients and all phases of project and engagement management for multiple clients. The scope of SAR & GRC services include:
Responsibilities include planning, directing, and completing information technology audit engagements and developing and supervising staff;
Essential Duties and Responsibilities:
Adhere to the highest degree of professional standards and strict client confidentiality.
Participate on client engagements from start to finish, which includes planning, executing, directing, and completing information systems audits and managing to budget.
Supervise, train, and mentor associates and interns on audit; assess performance of staff for engagement reviews; perform in-charge role as needed.
Apply current knowledge of IT trends and systems processes to identify security and risk management issues and other opportunities for improvement.
Work with client service teams to plan engagement strategy, define objectives, and address technology-related controls risks and issues.
Perform general computer and application controls reviews.
Prepare Service Organization Control (SOC) audits in compliance with AICPA Attestation Standards.
Perform testing as part of SOC, internal auditing outsourcing and co-sourcing engagements for clients.
Work with client service teams to identify and resolve client issues discovered during audit and review process.
Maintain a good working relationship with client service teams to enhance customer satisfaction and improve the efficiency and effectiveness of staff at all levels.
Gain comprehensive understanding of client operations, processes, and business objectives and utilize that knowledge on engagements.
Desired Profile Required Skills and Experience:
Bachelor's degree in Accounting and/or Information Systems.
4+ years of relevant experience.
Outstanding written and verbal communication skills.
Strong project management skills to deliver engagements on time and on budget.
Prior experience in an environment that included responsibility for the preparation of working papers, status reports, and project deliverables. A professional from an accounting or other consulting firm would be ideal.
Experience managing SAR & GRC engagements, including knowledge and focus on Sarbanes/SOX and SOC work.
Ability to work in a team-oriented environment.
Excellent analytical and problem-solving abilities.
Experience with process improvement engagements and analytical techniques and tools.
Ideal candidates have experience with numerous information technology processes and multiple accounting software applications. Areas of expertise should include at least some of the following: access control software, security architecture and administration, Internet use/firewalls, network security awareness and enforcement, security policies and standards, operating systems (e.g., Windows XP/7, UNIX, Linux, AS400).
Strong experience in staff and audit management in an integrated client service team.
Computer expertise including proficiency in Microsoft Office Suite applications software and MS Project and an understanding of the impact of technology.
Ability to work additional hours as needed.
Preferred Skills and Experience:
CISA, CISSP, CISM, CPA and/or CIA.