Risk Assurance Manager

Responsibilities:

• Plans and executes IT audits, including obtaining an understanding of the control environment, designs test plans, evaluates deficiencies, and assesses the overall financial reporting control environment
• Reads and reviews clients’ information and control documentation, ensuring accuracy and completeness, and ensures that all supporting information is documented in the workpapers and through appropriate testing
• Work on financial audit engagements to assess IT-related internal controls over financial statement reporting. Work on third-party assurance and compliance engagements;
• Evaluate IT and IT-related business process controls to assess and help strengthen internal controls and improve and protect business performance.
• Understand client needs, identifying root causes of problems, and implementing pragmatic solutions.
• Communicate findings and recommendations to client personnel.
• Oversee and provide direction to junior staff in the review, documentation, evaluation and testing of application controls, particularly automated controls on a wide range of software application packages for financial reporting.
• Develop, motivate, and mentor associates by providing training, regular feedback and career guidance while fostering a team environment.
• Willingness to research relevant AICPA, PCAOB and ISO Standards as they relate to IT controls and reporting for SOC, SOX and ISO examinations.

Requirements:

• Licensed professional of the following including, but not limited to Certified Information Systems Auditor® (CISA®), Certified Information Systems Security Professionals® (CISSP®); Certified Public Accountant (CPA), Certified Information Security Manager® (CISM®) and Certified Information Privacy Professional (CIPP).
• BS/BA degree in Accounting, Computer Science, Information Systems or other relevant field required. 
• 8+ years’ experience in IT Audit, IT Security, Information Risk Management, IT Governance or other IT Compliance related work.
• Prior responsibilities should include performing IT risk assessments and controls reviews and recommending, designing and advising on applicable IT controls.
• Extensive experience with IT internal controls and their applicability with regards to financial reporting and information systems support processes.
• Experience in the performance of Service Organization Control (SOC 1, 2, & 3) assessments.
• Experience with ISO certification processes
• Technically knowledgeable in cross-platform system security - particularly with regards to operating systems, databases, networking and transactional processing environments.
• Proficiency with a variety of operating systems including Windows, OS400, UNIX and LINUX.
• Proficiency with commercial and open-source database management systems (MS-SQL, MySQL and Oracle).
• Competently analyzes and prioritizes information to make appropriate recommendations.
• Ability to synthesize all forms of research into clear, thoughtful, and actionable deliverables.
• Ability to effectively manage small teams of professionals, and delegate work assignments, as needed.
• Excellent oral and written communication skills.
• Ability to effectively market or sell professional services.
• Working knowledge of relevant standards