FS TR- ITC – Tech Risk
As Risk consultant, you’ll contribute technically to Risk Consulting client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team.
Your key responsibilities
- Participate in IT Risk and Assurance engagements.
- Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress.
- Help prepare reports and schedules that will be delivered to clients and other parties.
- Develop and maintain productive working relationships with client personnel.
- Responsible for managing reporting on assurance findings and ensure control owners take remediation action as required.
- Identify, lead, and manage the continuous improvement of Internal Controls through implementation of continuous control monitoring and automation.
- Obtain and review evidence of compliance for adherence to standards.
- Key domains of compliance controls, including change management, access to system, network and Data, computer operations and system development.
- Stay current with and promote awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise.
- Understanding on Control frameworks such as COSO, internal control principal and related regulations including SOX and J-SOX. Common IT governance and Assurance standards including NIST, COBIT, Risk IT, ITIL and third-party reporting standards as SSAE16.
- Understanding on independent and risk based operational audits such as Software Development Life Cycle (SDLC), Business Resilience, Cybersecurity audits, Data privacy and data protection audits, Network security audit.
- Understanding and hands-on experience on data analysis tool such as Tableau, Power Bi, python etc.
- Conduct performance reviews and contribute to performance feedback for staff.
- Adhere to the Code of Conduct. The Code of Conduct sets the standards of behaviour, actions, sand decisions we expect from our people.
Skills and attributes for success
- Experience in application controls and Information security experience.
- Understanding of risk management systems and processes
- Ability to build relationships with key stakeholders across different levels of seniority.
- Strong written and verbal communication skills
To qualify for the role, you must have.
- Preferably bachelor’s degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA
- Minimum of 1-2 years of experience in internal controls and Internal Audit
- Enterprise risk services with specific focus on IT and related industry standards
- IT Risk Assurance framework
- Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX
- Preferred security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems.
- Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM
- Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT
- Experience of security testing methods and techniques including network, operating and application system configuration review
- Application controls and security experience:
- sensitive access and SOD testing
- controls testing
- Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc.
- Preferred Certifications: CISA
What we look for
We believe that you should own and shape your career. But we’ll provide the support and opportunities to develop the skills, knowledge and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you’ll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are.
You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:
- Support, coaching and feedback from some of the most engaging colleagues around
- Opportunities to develop new skills and progress your career.
- The freedom and flexibility to handle your role in a way that’s right for you.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.