At RSM, our Senior Associate IT Auditors work with large and small companies. They develop strong working relationships with clients built on understanding their businesses and challenges. Consultants work on multiple team engagements each year, including several pieces of any particular assignment, not just one part. Working in a mutually respectful team environment helps our consultants perform at their best and integrate their career with their personal life.
Senior Associate IT Auditors provide quality services to clients by focusing on their IT and security controls. You will use your strong analytical skills to develop quality solutions to meet client requirements. Examples of specific assignments could include:
- Performing technology risk assessments and reviewing, documenting, evaluating and testing general computer controls including access controls, change management, security, backup and operations controls, in a wide range of computing environments (e.g., mid-range, client/server and mainframes), for Service Organization Control (SOC) engagements, internal audit projects, financial audit support and Sarbanes-Oxley 404 assessments
- Assess security of client networks, hosts, and applications
- Reviewing, documenting, evaluating and testing application controls, particularly automated controls on a wide range of software application packages for financial reporting
- Assisting financial audit and Sarbanes-Oxley compliance teams in the identification of control objectives and the design of control procedures to address those objectives
- Identifying internal IT controls, assessing their design and operational effectiveness, determining risk exposures and developing remediation plans
- Communicating findings and recommendations to client personnel
- Determine technical and business impact of identified security and control issues and provide remediation guidance to clients
- Measure and report clients' compliance with established industry or government requirements
- Assess the design and operating effectiveness of the control objectives and SysTrust Criteria as relevant to SOC 1 (SSAE16) and SOC 2 (AT 101) attestations.
- Bachelor's degree or equivalent
- Minimum 3 years of experience in IT Audit, IT Security, Information Risk Management, IT Governance or other IT Compliance related work. Prior responsibilities should include performing IT risk assessments and controls reviews and recommending, designing and advising on applicable IT controls
- Minimum 3 years of experience with IT internal controls and their applicability with regard to financial reporting and information systems support processes
- Good understanding of relevant regulations and industry standards (e.g., SSAE 16/SOC, FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA and GLBA) and best practices and methodologies to address these requirements. Ability to apply these requirements to organizational internal control frameworks
- Minimum 2 years of experience with ERP systems such as SAP, Oracle, PeopleSoft, JDE and MS Dynamics
- Ability to travel
- Technically knowledgeable in cross-platform system security, particularly with regard to operating systems, databases, networking and transactional processing environments
- Proficiency with a variety of operating systems including Windows, OS400, UNIX and LINUX
- Proficiency with commercial and open source database management systems (MS-SQL, MySQL and Oracle)
- Professional certifications including Certified Information Systems Auditor® (CISA®), Certified Information Systems Security Professional® (CISSP®), Certified Public Accountant (CPA), Certified Information Security Manager® (CISM®) and Certified Information Privacy Professional (CIPP)
- Excellent written and oral communications skills
- Strong time management and organizational skills
- Great attitude and strong work ethic