RSM has an exceptional career opportunity available for an experienced Risk Advisory Services – Systems and Process Assurance Manager in our Des Moines, IA office.
Our systems and process assurance managers are those seeking career growth, management, and accelerated leadership opportunities for an exciting, growing consulting practice. They are managers who appreciate the ability to aggressively pursue their career goals while being provided the opportunity to experience a rewarding work-life balance.
Our clients depend upon effective risk management, internal audit, and governance over their enterprise- wide information technology in order to achieve their business objectives. Our Risk Advisory Services Systems and Process Assurance (SPA) professionals serve complex global clients aspiring to help transform their IT risk management and assurance capabilities to be aligned to the key risks and strategies of their organization. We work with large and middle market clients across a wide variety of industries developing strong working relationships with clients built on understanding their businesses, their challenges, risks, and information technology (IT) requirements.
Consulting with client leadership on the design and optimization of controls utilizing a general knowledge of business processes, accounting, and information technologies. Create internal control documentation for the engagement including narratives, process and data flows;
Consulting with client leadership on strategic plans and other business matters, helping our clients to anticipate emerging risks and information technology opportunities;
Managing SOC attestation and other third-party opinion services;
Supporting external financial statement and SOX compliance engagements for application and information technology general computer controls assisting financial audit and Sarbanes-Oxley compliance teams in the identification of control objectives and the design of control procedures to address those objectives;
Assessing IT security policies, procedures, and controls of our clients’ business applications, networks, operating systems, and other components of their technology infrastructure;
Reviewing, documenting, evaluating and testing application controls, particularly automated controls on a wide range of ERP systems and software applications across a wide variety of client business processes;
Identifying internal IT controls, assessing their design and operational effectiveness, determining risk exposures and developing remediation plans and determining technical and business impact of identified security and control issues and providing remediation guidance to clients;
Communicating findings and recommendations to client personnel;
Helping grow RSM’s business through involvement in various business development and client sales opportunities.
Bachelor's degree or equivalent
Five or more years of experience in business process controls and IT risk management, internal audit, IT security, or other IT compliance related work
Experience leading engagements and managing staff; experience managing project financials and managing projects to completion within agreed upon budgets
Experience managing people, mentoring staff, providing performance feedback, and monitoring workloads of the team while meeting stakeholder and client expectations
Strong understanding of information technology controls and security experience in a widely used financial application (SAP, Oracle, JD Edwards, PeopleSoft, SQL etc.) is preferred
Good understanding of relevant regulations and industry standards (e.g., FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA, GLBA and NIST) and best practices and methodologies to address these requirements. Ability to apply these requirements to organizational internal control frameworks
Professional certifications including Certified Public Accountant (CPA), Certified Information Systems Auditor® (CISA®), Certified Information Systems Security Professionals® (CISSP®); Certified Information Security Manager® (CISM®) and/or Certified Information Privacy Professional (CIPP)
Must be able to interpret and convey technical information to all levels of technical aptitude, including senior management. This includes written and oral communications
Ability to articulate, write and present information in a clear and understandable manner
Strong time management and organizational skills with the ability to manage multiple priorities successfully within a deadline-driven environment
Ability to travel primarily regionally primarily throughout the state of Iowa