The firm has an exceptional career opportunity for an Oracle security risk & controls supervisor to join our Risk Advisory Services (RAS) practice in the Southeast in either Charlotte, McLean/DC or Atlanta. Our RAS practice is rapidly expanding across the Southeast. We are looking for quality talent to assist in servicing our new and existing clients. This position is a new addition to our IT risk advisory team due to the rapid growth we are experiencing.
The Oracle security risk & controls supervisor would be in our Southeast IT risk practice, and would be a regional ERP champion reporting into our national ERP IT Risk Advisory practice and will help to strengthen our Oracle risk methodology, as well as develop and provide Oracle training to others.
The Oracle security risk & controls supervisor will be responsible for either performing or supervising Oracle related IT risk engagements for both the Assurance and Advisory practices of the firm; including sensitive access and segregation of duties assessments, ERP IT General Controls testing, rule design and configuration of Oracle GRC tools utilized by RSM. The Oracle security risk & controls Supervisor will also be expected to manage non-Oracle ERP engagements at times within the Southeast; with other ERP champion SME's.
Our IT Risk consultants provide advice to CEO's, CFO's, CRO's, CIO's, CISO's and Boards of Directors on how to understand and adhere to changing regulatory compliance requirements. Our in-depth industry experience and collaborative approach assures our clients have solutions that help them minimize risk while maximizing opportunities for growth.
Specific Duties and Responsibilities
- Responsible to lead engagement teams to perform ERP IT general controls (ITGC) and business process configuration testing while ensuring the relevancy and accuracy of all RSM Oracle IT audit work programs
- Provide subject matter expertise for RSM's Oracle related risk activities; such as Oracle security, Oracle segregation of duties, Oracle business automated controls, Oracle implementation risk assessments and Oracle GRC
- Utilize data analytics to perform tests of operating effectiveness and effectively communicate recommendations to clients for improvements related to Oracle risk, security, and controls
- Provide our clients with the power of being understood by delivering solutions that address their specific Oracle ERP needs in a meaningful way and with a value driven approach
- Perform or supervise non- Oracle IT risk related engagements such as IT audits, IT risk assessments, segregation of duties assessments, etc.
- Assist with Oracle related business development activities within the Southeast including; company and market research, responding to RFPs, networking via local chapters of IIA, ISACA and other events, as well as attending sales meetings with our prospective clients
- Provide on-the-job Oracle security risk & controls training to the staff
- Ability to identify and escalate engagement risk issues internally
- Flexible to travel within the Southeast and possibly nationally, and overnight depending on client locations
- Demonstrated knowledge of auditing Oracle ITGCs, which includes ITGC basics as well as items specific to Oracle application security
- Demonstrated knowledge of Oracle EBS function based security as well as role, responsibility and menu design and the understanding of how to most effectively audit it
- 3 years' experience in performing IT audits or IT risk assessments
- 2-3 years' experience in the Oracle security risk & controls auditing or experience with Oracle implementations designing Oracle security or serving as an Oracle security analyst
- Experience with Oracle ERP Cloud
- Clear and concise communication skills. Ability to understand what to communicate to difference audiences
- High organized with the ability to monitor engagement time and expenses
- Provide client status updates, review deliverables, maintain updates with the engagement supervisor timely and communicate client opportunities
- Provides positive reinforcement and leadership to staff
- Strong understanding of information systems risk assessments and controls reviews
- Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments
- Possess strong business ethics and willingness to adhere to stringent professional standards
- Ability to put forth additional effort to meet deadlines when necessary
- Experience with data analytics tools (such as ACL or MS Access) performing complex queries
- Team member of at least one Oracle implementation
- Demonstrated knowledge of auditing Oracle automated business controls
- 2 - 3 years of professional experience in public accounting or relevant compliance industry experience relating to Sarbanes Oxley (SOX) compliance or other COBIT/NIST/ISO frameworks
Demonstrated knowledge of using Oracle GRC tools, such as Oracle GRC, Approva, CaoSys or other Oracle ERP controls monitoring tools to perform rule designs or assessments or audits
A little about us:
RSM US LLP is the nation’s leading provider of audit, tax and consulting services focused on the middle market.