Aprio PH - Senior Associate, Information Assurance Services

Position Responsibilities:

Aprio’s Information Assurance Services (IAS) practice supports the delivery of attestation and consulting services for multiple clients in data and tech-based industries such as credit reporting and analytics, payment card services, healthcare IT, and cloud services. The business model and methodologies are focused on risk management and adding value to clients in all services provided.  Aprio’s IAS group utilizes sound business practices and technical expertise (rather than working off checklists) to enable clients to identify, mitigate, and monitor the most technical risks associated with their technology use. 
 
Client Services: 
 
Planning and leading client meetings, walk-through reviews of clients control procedures and processes; delivery and presentation of client deliverables  
Developing and leading the performance of, testing of clients’ security, privacy and other information risk management related controls  
Directing the execution of testing of clients’ internal controls, testing of clients’ internal controls and review of internal control testing executed by other team members 
Supporting clients in problem identification and resolution 
Performing assessments and testing against leading information security and privacy standards and frameworks, including ISO 27001, Trust Services Criteria, PCI DSS, NIST CSF, GDPR, HITRUST and others 
Leading and supporting preparation of client reporting deliverables; e.g., gap and risk assessments, SOC reporting, GDPR assessments, ISO 27001 certifications, etc.  
Practice Development: 
Collaborating with other team members to streamline internal processes and procedures to improve client service and efficiencies  
Sales and Marketing: 
Participate in meetings with new prospects and/or new service opportunities with existing clients 
Support preparation of sales proposals   
Team Building: 
Interviewing potential candidates 
Being a mentor and/or coach to other team members 
Support in the development and delivery of training 

Qualifications Needed:

Amenable to work Mid-shift (3:00 PM – 12:00 MN PHT)
Work Set-up: Remote
One or more industry relevant certifications or wiliness to obtain relevant certification(s) within two years of employment.  Certifications can include: CISA, CRISC, CIPP, CISSP, CISM, QSA, ISO/IEC 27001, or PCI ISA. 
Education/Experience 
Undergraduate Degree (required): preferably in MIS/IS or related concentration – minimum 3.3 GPA  
Graduate Degree (preferred): preferably in MIS, IS or Accounting Information Systems 
Relevant work experience (2-4 years)  
Strong communication skills; verbal and written, with the ability to produce excellent written reports and audit documentation 
Commitment to continual learning and development 
Commitment to exceptional client service and creative problem-solving ability with a consultancy mindset 
Flexible, self-starter with the ability to interact with various levels of client and firm management 
Understanding of information technology risks and internal controls 
Ability to write test procedures and execute tests of controls 
Understanding of Service Organization Control, PCI, ISO, HITRUST and/or similar information technology control frameworks
Ability to manage personal schedule and to lead multiple projects, tasks and deadlines 
Project and focus areas within the Information Assurance Services practice include: 
Service Organization Control (SOC) Reporting (e.g., SOC 1 and SOC 2)
Payment Card Industry Data Security Standard (PCI DSS)
ISO Standards (e.g., ISO 27001/27002, 22301
GDPR  
HITRUST  
Risk Assessments
Risk Management
Cyber Threats and Cybersecurity
Agreed Upon Procedures
Internal Audit Co-Sourcing
EI3PA