Senior Associate - Technology Risk Consulting - Charlotte, North Carolina, United States, 28202
At RSM, Senior Associates / Supervisors in Risk Advisory Services work with large and middle market clients across a wide variety of industries. They develop strong working relationships with clients built on understanding their businesses, their challenges, risks, and information technology (IT) requirements
Our IT Risk and SPA Senior Associates provide quality services to clients by focusing on their business, IT/security risk and control requirements. ?They use strong analytical skills to develop quality solutions to assist our clients improve their business
- Performing technology risk assessments and reviewing, documenting, evaluating and testing information technology controls including change management, security, backup and operations controls, in a wide range of computing environments, for internal audit, Sarbanes-Oxley, and Service Organization Control (SOC) engagements
- Observing, reviewing, documenting, and testing key business process transactions, access controls, segregation of duties and automated controls for internal audit, Sarbanes-Oxley, and SOC engagements
- Ensure the delivery of high-quality deliverables and compliance with quality assurance and independence policies on engagements covering SOC 1 and SOC 2 reports, readiness reviews, and AT101 client engagements
- Assessing IT security policies, procedures, and controls of our clients? business applications, networks, operating systems, and other components of their technology infrastructure
- Reviewing, documenting, evaluating and testing application controls, particularly automated controls on a wide range of ERP systems and software applications across a wide variety of client business processes
- Assisting financial audit and Sarbanes-Oxley compliance teams in the identification of control objectives and the design of control procedures to address those objectives
- Identifying internal IT controls, assessing their design and operational effectiveness, determining risk exposures and developing remediation plans
- Determining technical and business impact of identified security and control issues and providing remediation guidance to clients
- Communicating findings and recommendations to client personnel?
- Bachelor's degree or equivalent
- Three or more years of experience in IT audit, IT security, or other IT compliance related work.
- Prior responsibilities should include performing IT risk assessments and controls reviews along with recommending, designing and advising on applicable IT controls
- Security and controls experience in a widely used financial application (SAP, Oracle, JD Edwards, PeopleSoft, etc.) is preferred
- Good understanding of relevant regulations and industry standards (e.g., SSAE 18/SOC 2, SOX and COSO) and best practices and methodologies to address these requirements. Ability to apply these requirements to organizational internal control frameworks
- Certified Public Accountant (CPA) certification is required
- Other professional certifications including Certified Information Systems Auditor? (CISA?), Certified Information Systems Security Professionals? (CISSP?); Certified Information Security Manager? (CISM?) and/or Certified Information Privacy Professional (CIPP) are plus, but not required
- Must be able to interpret and convey technical information to all levels of technical aptitude, including senior management. This includes written and oral communications
- Ability to articulate, write and present information in a clear and understandable manner
- Strong time management and organizational skills with the ability to manage multiple priorities successfully within a deadline-driven environment
- Ability to travel primarily regionally
Experience RSM US. Experience the power of being understood.
RSM is an equal opportunity/affirmative action employer. Minorities/Females/Disabled/Veterans.