Consulting - Senior Associate - IT Risk

Apply Now >>    

RSM is seeking an IT Risk Senior or Supervisor to work within the Risk Advisory Services Practice.  The individual will be responsible for planning engagements, supervising staff, and executing IT Risk Advisory ,IT Risk Management, Application Controls Security Assessments, ERP Security & Controls, Embedded Risk Management, and other IT Audit projects as needed.  Specifically, the responsibilities of this position will include but not limited to the following:

General Administrative: 

  • Managing the delivery of timely engagement results and high-quality deliverables in accordance with professional and industry standards
  • Hands-on delivery and execution of project tasks for complex technology environments
  • Presentation and communication of project status and risk-based observations and proposed solutions to client's senior management
  • Developing and maintaining relationships with stakeholders and identifying technological and operational risk mitigating opportunities as a first choice advisor
  • Supervising, training, and mentoring staff level personnel and coordinating with client resources as needed
  • Establishing performance expectations for staff level personnel and providing performance feedback

IT Specific: 

  • Developing and managing the execution of IT Risk Assessments in conjunction with the implementation of Enterprise Risk Management governance structures/programs and the develop of client annual audit plans
  • Planning and managing the execution and delivery of client's risk-based IT audit plans, which may include IT general control reviews, IT application control reviews, IT infrastructure reviews, IT operational process reviews, IT governance & strategy design assessments, and SOX compliance related activities
  • Leading the execution of highly specialized reviews such as data integrity, Information security risk assessments, technical compliance reviews, etc.
  • Developing leading practice IT integrated Internal Audit Methodologies, for internal use and client service delivery
  • Identifying and assessing business / operational processes, IT risks, and internal controls to evaluate the design and operating effectiveness of the overall control environment
  • Developing and leading ERP (e.g., SAP, PeopleSoft, Oracle) advisory related activities, which may include business process improvement, Security risk & controls review, SoD analysis, SoD conflict management design, and application security assessments
  • Experience or knowledgeable of practices related to delivering data protection, breach management and regulatory privacy assessments
  • Experience of knowledge of practices related to delivering NIST based information security reviews based on the clients implementations of frameworks such as, NIST 800.53r4, FISMA, FedRAMP and NIST 800.171
  • Advising area leadership on the development and execution of the IT Risk service line growth program and overall go-to market strategy
  • Identifying opportunities within current engagements to expand the scope of services rendered and the ability to be market facing to identify and potentially pursue new client prospects
  • Participating in professional organizations and developing leading practice point of views of relevant IT Risk related topics for internal marketing and external organizational branding
  • Experience with conducting and reviewing Service Organization Control (SOC) reports, SOC 1, 2, and 3 in compliance with SSAE16
  • Partnering with financial audit teams to effectively integrate and coordinate appropriate IT audit procedures
  • Partnering with management to develop and validate draft IT audit reports and establish practical corrective action plans in response to technology and operational risks / observations

Individual project assignments will be performed under the RAS leadership.  Working knowledge of industry standards (e.g., COBIT, etc.), strong analytical abilities, and exceptional project management skills are keys to success in this unique and challenging position.

The individual must possess the following knowledge, skills, and abilities and be able to perform the essential functions of the job, with or without reasonable accommodation.

  • Understanding of internal control concepts/frameworks (e.g., COBIT 4/5, NIST 800.53, COSO, etc.)
  • Experience/knowledge of auditing IT processes and controls, including flowcharting and risk identification
  • Thorough understanding of complex information systems, emerging IT trends/best practices and proven ability to apply in diverse and continuously evolving client/company environments
  • Knowledge of Sarbanes-Oxley Act provisions and prior implementation of cost-effective approaches for achieving IT compliance
  • Polished and professional interviewer/negotiator with unsatisfied curiosity
  • Excellent presentation, speaking and written communication skill with ability to lead meetings/audits/report generation
  • Experience educating/training clients or internal employees on IT SOX requirements
  • Ability to work independently and in a team environment with superior interpersonal and collaboration skills
  • Advanced project management and problem solving capabilities
  • Strong analytical, strategic thinking and tactical audit execution skills
  • Strong work ethic with self-accountability for high-quality results
  • Willingness to openly challenge the status quo and drive positive process/control/technology improvements
  • Positive attitude and perseverance in the face of challenges and/or changing circumstances
  • Innate leadership skills with an emphasis on optimizing individual and team productivity/contributions
  • Keen instincts and opportunistic business sense capable of proactively identifying/preventing possible problems
  • High-energy self-starter capable of completing a diverse workload within strict timelines
  • Absolute discretion and confidentiality regarding sensitive information
  • Highest standards of ethical conduct and integrity

Required Qualifications:

  • Bachelor's or advanced degree in Accounting, Computer Science, Information Systems Management, and/or related discipline
  • 5+ years of related work experience in the internal/external audit or IT risk consulting, with at least 2 years as a project manager/team lead
  • Certified Information Systems Auditor (CISA) or similar certification
  • Willingness to travel up to 30%, including international destinations requiring a passport, on short notice and potentially extended periods of time

Preferred Qualifications:

  • Extensive experience working as an IT auditor or IT risk advisor for a public accounting firm, a professional services firm, or a publicly traded global organization
  • Significant experience applying relevant IT/technical knowledge in financial statement audits, operational audits, SSAE16's engagements, ERP security and control reviews, investigations, etc.
  • Multi-national comply/audit exposure
  • Certified Information Systems Security Professional (CISSP), Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Project Management Professional (PMP), and/or Sigma Certification

You want your next step to be the right one. You've worked hard to get where you are today. And now you're ready to use your unique skills, talents and personality to achieve great things. RSM is a place where you are valued as an individual, mentored as a future leader, and recognized for your accomplishments and potential. Working directly with clients, key decision makers and business owners across various industries and geographies, you'll move quickly along the learning curve and our clients will benefit from your fresh perspective.

Experience RSM US. Experience the power of being understood.

RSM is an equal opportunity/affirmative action employer. Minorities/Females/Disabled/Veterans.
Job ID RSM476
Line of Business: Consulting Services
SubFunction: RAS Systems&Process Assurance
Job Type: Full Time
Req #: RSM476
Location: 1861 International Drive, Suite 400, McLean, VA US
Region: Southeast Region
Job Category: Business Consulting/Technology
Employment Type: Experienced
Degree Required: Bachelor
Travel: Yes
Apply Now >>