Job description
As part of our EY- Technology Risk team you’ll contribute technically to IT Risk and Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for Ernst & Young within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team.
Your key responsibilities are to
- Participate in IT Risk and Assurance engagements.
- Work effectively as a team member, sharing responsibility, providing support, maintaining active communication, and updating senior team members on progress.
- Helping in preparation of the audit reports that will be delivered to clients and other parties.
- Develop and maintain productive working relationships with onshore and client personnel.
- Identification and testing of SAP IT security and IT risk (e.g., data systems, network and applications) across the enterprise.
- Assist with facilitating practice wide training (SAP ITGC/ SAP ITAC /SAP Pre & Post Implementation) curriculum.
- Work closely with onshore, cross-functional teams and develop strong relationships as project senior across the organisation.
- Stay updated with and promote awareness of updated ERP versions & its functionalities, industry best practices.
- Active team member executing project management/ stakeholders management (Client, Assurance, onshore)
- Planning and Budgeting preparation and perform analysis of budget vs actuals.
- Provide quality deliverables with value addition on the engagements and is known as SMR across organisation.
Skills and attributes for success
- Experience in reviewing and testing of SAP S4 Hana / SAP ECC IT general controls (ITGC) for key domains such as access management, change management, computer operations, SDLC (System Development Life Cycle)
- Experience in reviewing and testing SAP S4 Hana / SAP ECC security & configurations such as debugging, client settings, etc.
- Experience in performing pre & post implementation reviews in SAP S4 Hana / SAP ECC environment and have been through S4 Hana/ ECC lifecycle & performing migration testing.
- Knowledge and understanding of the TCode, tables used to extract the data from SAP S4 Hana / SAP ECC with relation to ITGC and ITAC testing.
- Knowledge and understanding of SAP S4 Hana / SAP ECC user access security architecture (Roles, profiles, Authorisation objects)
- Experience in testing of firefighter controls in SAP S4 Hana / SAP ECC and GRC.
- Experience in reviewing and testing the Operating System (OS) and Hana Database (DB) controls in SAP S4 Hana / SAP ECC environment.
- Experience of working with other SAP applications such as GRC, Fiori, BW, BI, Ariba, Concur, Success Factor, VIM, Vistex.
- Experience in evaluation and testing of sensitive access and SOD (Segregation of Duties) across key business and IT process in SAP S4 Hana / SAP ECC and GRC environment.
- Experience in SAP GRC access control (AC) & process control (PC), financial compliance management (FCM).
- Experience in performing the walkthrough (Test of design) directly with the client, Operating Effectiveness and have knowledge of the financial statement’s assertions.
- Knowledge and understanding of the auditing methodology.
- Experience in reviewing and interpretation the ABAP codes with relation to the control testing for ITGC’s and ITAC’s in SAP S4 Hana / SAP ECC environment.
- Experience in reviewing and testing the key reports ensuring the risks (completeness & accuracy) related to IPE’s (Information Produced by Entity) are addressed.
- Knowledge and experience of industry specific SAP S4 Hana / SAP ECC modules.
- Knowledge of SAP S4 Hana / SAP ECC standard functionalities in relation to business and IT controls.
- Experience in reviewing and testing the key business process configurations (ITAC’s) in SAP S4 Hana / SAP ECC environment. Having strong knowledge of SAP S4 Hana / SAP ECC configurations (e.g., 3-way match, copy controls) is must.
- Experience in testing of interface controls between multiple systems and middleware controls.
- Experience in IT audit in the context of a financial audit & related regulations, auditing standards and guidelines.
- Knowledge and understanding of control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX.
- Knowledge and understanding of common IT governance, control, and assurance industry frameworks, including COBIT and ISACA best practices.
- Knowledge and understanding of third-party attestation standards (particularly SSAE16/18), other reporting and industry specific standards.
To qualify for the role, you must have
- B.E/B.Tech (CS/ IT)/MBA, CA with at least 3 years of experience.
- SAP S4 Hana / SAP ECC functional modules/ ABAP/ Security Certification (Preferred)
- CISA certified (Preferred)
- ISO 27001:2013 certified (Preferred)
- Any other relevant certification (Preferred)
What we look for
- A Team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment.
- Opportunities to work with EY technology risk practices globally with leading businesses across a range of industries.
You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:
- Support, coaching and feedback from some of the most engaging colleagues around
- Opportunities to develop new skills and progress your career.
- The freedom and flexibility to handle your role in a way that’s right for you.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.