IT Senior Associate, Risk Advisory Services

Overview

The Senior Associate, Data Risk & Security (DRS) provides risk consulting and issue resolution to clients in areas including general IT controls, IT application controls, IT process improvement, pre/post systems implementations, and IT security in a banking environment (commercial and/or retail banking). The role participates in all stages of IT internal audits or IT consulting engagements, assisting with planning, field work, engagement wrap-up and report composition, and delivering recommendations to address client risks.

• Acts as primary contact for clients regarding basic questions and information
• Develops and monitors budgets (budget-to-actual) for all assigned engagements
• Conducts informational interviews and facilitates meetings with clients during the engagement process
• Obtains information, documents and data from clients to support analysis and research of client issues
• Documents and analyzes client processes, risks and controls, with guidance from senior DRS professionals
• Reviews client contracts and develops contract summaries, including key provisions and financial information based on type of contract
• Develops initial deliverables and/or solutions to client issues
• Reassesses risk and communicates with other BDO professionals and/or client as necessary
• Assists with management of engagements to ensure engagement metrics are achieved
• Utilizes research tools, databases and trade publications to understand a client’s industry
• Develops relationships with client personnel and management
• Prepares formal and informal presentations for client meetings
• Partners with RAS leadership to complete research and draft proposals and reports, as necessary
• Implements project plans and maintains all documentation and work papers associated with client engagements
• Maintains the confidentiality of all documentation and work papers
• Conducts risk assessments of assigned department or functional area in established timelines, while overseeing staff
• Establishes risk-based IT audit programs
• Determines scope of review in conjunction with the engagement manager
• Documents financial reporting cycles or internal audit areas and identifies key controls
• Assesses internal control design and operational effectiveness
• Conducts audit testing of specified areas, identifies reportable issues and risk dimensions
• Determines compliance with applicable legislation and/or audit policies and procedures
• Communicates findings to senior management and drafts comprehensive reports of audited areas
• Stays informed of developments in IT technology, cloud services, IT security breaches, auditing standard updates and other issues impacting the audit process
• Other duties as required

• Supervises the day-to-day workload of Data Risk & Security Associates on assigned engagements, and reviews work product
• Ensures DRS Associates are trained on relevant audit software and engagement processes
• Delivers periodic performance feedback and completes performance evaluations for DRS Associates
• Acts as a mentor to DRS Associates as appropriate

• Bachelor’s degree in Information Technology, Computer Science, Accounting, or Finance, required

• Two or more years of experience within a public accounting firm or industry environment performing internal audit, IT audit, consulting or risk services, required
• Experience with IT internal controls, including design and testing of controls, required
• Experience with IT Audit and Sarbanes-Oxley, with a focus on entity-wide risk assessment, required
• One or more years of supervisory experience, preferred
• Experience performing IT Security audits and third-party vendor risk assessments, preferred

• CISA, CISM, CISSP, or other equivalent certification, preferred

• Proficient in Microsoft Office Suite, specifically Excel and Word, required
• Experience auditing ERP applications (e.g., SAP, Oracle), preferred
• Experience with IT audit applications and research tools, preferred
• Working knowledge of data visualization and analytics software such as Power
  
  BI, Alteryx, Tableau or equivalent, preferred