Director, IT Audit and Technology Risk Advisory

Director, IT Audit and Technology Risk Advisory

6 days ago Be among the first 25 applicants

• 10+ years of recent professional services experience (public accounting or advisory firm). 5+ years of professional services experience may be combined with applicable IT risk management and internal controls experience with a Fortune 500 organization to meet the minimum requirement.
• Bachelor’s degree in Business Administration, Accounting, Management Information Systems or a related field.
• One or more of the following risk related certifications: CPA, CIA, CISA, or CISSP.
• Demonstrated track record of technical expertise with SOX, IT risk management and internal audit.
• Subject Matter Expert on select ERP applications such as SAP, Net Suite, Oracle Cloud, People Soft, or Microsoft Dynamics.
• Detailed understanding of Sarbanes‑Oxley (SOX) compliance and PCAOB requirements.
• Experience implementing and assessing controls over highly automated business processes.
• Knowledge of IT leading practices to provide clients effective and practical recommendations.
• Knowledge and application of IT controls and governance frameworks such as SOC 1/2, COBIT, NIST (CSF, 800‑53, and 800‑171), ITIL and ISO 27001/2.
• Knowledge of emerging technology risks, including cloud computing, agile development/CICD, cybersecurity, and privacy.
• Knowledge of best practices for authentication, authorization and change management.
• Strong foundational knowledge of infrastructure and platforms components such as Windows, Linux, Unix, Active Directory, SQL, MySQL, Open Source, and Oracle.
• Strong track record of meeting business development targets and developing thought leadership materials.
• Proven ability to lead, motivate and build teams that deliver services and solutions that surpass client expectations.
• Ability to lead workshops, including the gathering/documenting of requirements and use‑cases and recommendation of envisioned processes.
• History of developing risk and compliance thought leadership.
• Experience developing detailed work plans for project activities within scope of application responsibility.
• Flexibility to travel at least 25%.
• Due to the unique security requirements for this client portfolio, US Citizenship is required.

• Experience managing up to 15 IT risk projects concurrently.
• Experience designing and implementing internal controls in conjunction with ERP implementation projects.
• Experience performing platform security assessments, implementing information security solutions, performing segregation of duties assessments using automated solutions (e.g., Fastpath) and implementing GRC solutions (e.g., Workiva, Audit Board).

• You will be responsible for helping to shape the strategic direction of the practice.
• Drive business development, both by expanding and growing existing accounts and pursuing new client opportunities for the firm.
• Work with emerging growth companies and established enterprises (both publicly traded and privately held) on a wide variety of projects including Sarbanes‑Oxley (“SOX”) readiness and compliance, internal audit, and enterprise risk management (“ERM”).
• Assist companies with implementing and assessing the effectiveness of SOX compliance programs, including, but not limited to the following activities:
  • Conducting risk assessments and system scoping
  • Conducting walkthroughs and documenting end‑to‑end technology processes, identifying risks and key controls, using narratives
  • Documenting and assessing the design and effectiveness of key IT general controls (“ITGC”) and IT application controls (“ITAC”)
  • Executing testing to validate the operating effectiveness of controls
  • Evaluating controls deficiencies to determine impact and significance
  • Identifying and implementing effective and efficient plans to remediate control deficiencies
  • Summarizing and documenting results of work performed including management reporting
• Execute internal audit and IT risk management activities to support our client’s risk management initiatives.
• Demonstrate subject matter expertise on technology risks and internal control solutions associated with ERP, SaaS, IT infrastructure and cloud platforms.
• Create…