RSM has an exceptional career opportunity available for an experienced Risk Advisory Services Senior Associate in Cincinnati, Ohio. We have senior associate positions available in both our IT Risk and Service Organization Assurance Solution Sets. At RSM, Senior Associates in Risk Advisory Services work with large and middle market clients across a wide variety of industries. They develop strong working relationships with clients built on understanding their businesses, their challenges, risks, and information technology (IT) requirements.
Our IT Risk and SOA Senior Associates provide quality services to clients by focusing on their business, IT/security risk and control requirements. They use strong analytical skills to develop quality solutions to assist our clients improve their business.
Performing technology risk assessments and reviewing, documenting, evaluating and testing information technology controls including change management, security, backup and operations controls, in a wide range of computing environments, for internal audit, Sarbanes-Oxley, and Service Organization Control (SOC) engagements.
Observing, reviewing, documenting, and testing key business process transactions, access controls, segregation of duties and automated controls for internal audit, Sarbanes-Oxley, and SOC engagements.
Ensure the delivery of high-quality deliverables and compliance with quality assurance and independence policies on engagements covering SOC 1 and SOC 2 reports, readiness reviews, and AT101 client engagements.
Assessing IT security policies, procedures, and controls of our clients’ business applications, networks, operating systems, and other components of their technology infrastructure.
Reviewing, documenting, evaluating and testing application controls, particularly automated controls on a wide range of ERP systems and software applications across a wide variety of client business processes.
Assisting financial audit and Sarbanes-Oxley compliance teams in the identification of control objectives and the design of control procedures to address those objectives.
Identifying internal IT controls, assessing their design and operational effectiveness, determining risk exposures and developing remediation plans.
Determining technical and business impact of identified security and control issues and providing remediation guidance to clients.
Communicating findings and recommendations to client personnel.
Bachelor's degree or equivalent
Three or more years of experience in IT audit, IT security, or other IT compliance related work. Prior responsibilities should include performing IT risk assessments and controls reviews along with recommending, designing and advising on applicable IT controls
Security and controls experience in a widely used financial application (SAP, Oracle, JD Edwards, PeopleSoft, etc.) is preferred
Good understanding of relevant regulations and industry standards (e.g., SSAE 18/SOC 2, FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA and GLBA) and best practices and methodologies to address these requirements. Ability to apply these requirements to organizational internal control frameworks
Professional certifications including Certified Information Systems Auditor® (CISA®), Certified Information Systems Security Professionals® (CISSP®); Certified Public Accountant (CPA), Certified Information Security Manager® (CISM®) and/or Certified Information Privacy Professional (CIPP)
Must be able to interpret and convey technical information to all levels of technical aptitude, including senior management. This includes written and oral communications
Ability to articulate, write and present information in a clear and understandable manner
Strong time management and organizational skills with the ability to manage multiple priorities successfully within a deadline-driven environment
Ability to travel primarily regionally