This position will be responsible for providing high quality, professional day-to-day execution of a variety of engagement types such as technology risk assessments, vendor risk management assessments, network security assessments, application security assessments, SSAE 16 / SOC attestation engagements, financial audit support, and Sarbanes-Oxley 404 assessments. You will work as part of a diverse engagement team that develops strong relationships with our clients that is built on an understanding of the business and technological challenges they face.
- Identify, evaluate and document IT business risks and corresponding general computer and application controls
- Develop audit programs based on type, complexity, age and criticality of systems being evaluated
- Evaluate security and controls of various platforms and technologies such as Windows, UNIX/Linux, various database environments and network devices as experience allows
- Perform and document test results and walkthroughs of IT processes and controls
- Evaluate test results and assess controls for compliance with Sarbanes-Oxley 404 requirements.
- Participate in closing meetings to present and discuss audit findings and recommendations.
- Assist on special projects as assigned (e.g., data mining, security assessments, process flowcharting, vendor risk management, etc.)
- Bachelor’s degree in Information Systems, Accounting Information Systems or Business Administration
- CISA, CISM, CISSP, MCSE, MCSA and/or MBA
- 1-5 years of IT experience, with public accounting and/or, IT audit experience
- Strong time-management, analytical and problem solving skills
- Great attitude and communication skills to communicate with both IT and non-IT personnel.
- Experience in Information Technology, Manufacturing, Higher Education, Financial Services and Retail industries
- Experience with SSAE 16/SOC engagements and/or Sarbanes-Oxley 404 engagements
- Proficiency with a variety of operating systems including of Windows, OS400, Unix and Linux
- Proficiency with a variety of database management systems including Oracle, SQL and other open source technologies
- Great understanding of relevant regulations and industry standards (e.g., SSAE 16/SOC , FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA and GLBA), best practices and methodologies and the ability to apply these requirements to organizational internal control frameworks