FS ITGC/SOX – Technology Risk
As an ITrisk consultant, you’ll contribute technically to risk assurance client engagements and internal projects. An important part of your role will be to perform IT audits, document good quality assessment reports and issue opinions. You’ll anticipate and identify risks within engagements and share any issues with the audit stakeholders. You’ll also identify potential business opportunities for EY within existing engagements and facilitate integration as appropriate.
Your key responsibilities as a senior are to
- Lead and execute SAP audit programs and IT risk assurance engagements.
- Perform client walkthroughs, understand key IT processes and risk in SAP environment.
- Request, review the audit evidence and draft control risk review report.
- Document and highlight potential risks on client’s SAP environment and escalate to stakeholders proactively.
- Able to perform independent security configuration review and provide recommendations to clients on security role design & experience on steady state support.
Skills and attributes for success
- Work effectively as a team leader - collaborate and share responsibility, coach, and support team members to succeed.
- Plan team schedules and utilization. Divide tasks amongst the staffs and manage final delivery.
- Maintain an educational program to continually develop personal skills of self and staff
- Conduct performance reviews and contribute to performance feedback for staff
- Develop and maintain productive working relationships with client and onshore stakeholders.
To qualify for the role, you must have
- Preferably B.E/B.Tech (Computers, Electronics, Data Analytics), BCA/MCA, B.Sc/M.Sc. (computers major), MBA, CA.
- Must Have
- 3-5 years of hands-on Experience in Internal controls within SAP ECC Applications and their integrations and strong understanding of IT application controls, IT general controls and interface controls. Build or design security around SAP ECC, BW, GRC, HANA, BOBJ, BPC, S/4 & FIORI, BASIS.
- Strong understanding of Segregation of Duties and User provisioning, experience implementing and supporting SAP GRC - Access Risk Analysis (ARA) and Emergency Access Management (EAM) modules and understand of SAP configurations, and set ups, and security architecture of SAP.
- Review of SAP finance change migration process – like requirement engineering, test plans, data migration, go live (pre, present and post implementation review).
- Review of technical controls like data migration, reconciliation, data transfer, data splits/merge/consolidation as part of the change process.
- Strong English verbal and written communication skills.
- Nice to have
- CISA, CISM, CRISC, ISO27001, Data privacy certifications are an added advantage
- IT audit knowledge for a financial audit - Control frameworks such as COSO, related regulations including SOX and J-SOX
- Data analytics/automation tool – SQL, Monarch, BluePrism, Alteryx, PowerBI
- German/Dutch/French language is an added advantage.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.