At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you.
And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
Technology Risk covers all risk services where EY is providing independent assurance and the preparation towards assurance to our clients where the assurance can be used by our clients to build confidence and trust with their customers, the general market / public, key stakeholders or when regulatory (by law or oversight) or contractually required.
Engagements focus on the assessment and / or evaluation of IT systems and the mitigation of IT-related business risks. Engagements may be either assurance (attestation) and / or risk advisory in nature, and vary considerably in size and complexity.
All of our services whether assurance or advisory in nature are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance.
In addition to assurance-related engagements such as financial attestation and SSAE 16 engagements, our IT risk consulting services focus on IT governance, risks and control effectiveness;
ITprogram management and assurance; security and controls of ERP implementations; and business intelligence and information analysis.
Key Responsibilities :
Engagement Service Delivery and Management
Provide high quality client service, working directly with onshore and / or client teams to understand and evaluate client’s IT environment and controls.
Work predominantly on offshore engagements. Communication, written and verbal, with the onshore EY and / or client teams would be expected.
Adhere to EY audit methodologies and tools.
Lead engagement kick-off and status update calls with onshore and / or client teams.
Understand the process workflow related to work requests from initiation through completion and how workflow is managed within the firm's online tool for audit monitoring and project management.
Perform IT related controls testing and evaluation for Information Systems.
Prepare test procedures based on control requirements and documentation of test results based on testing performed.
Review Consultant’s work papers and provide guidance in performing test procedures.
Provide update to Engagement Manager on the work status and result of audit review.
Report control deficiencies identified to engagement Manager and client management and evaluate the overall impact.
Identify opportunities for improvement / provide recommendations to mitigate the control deficiencies noted.
Coaching, Relationship Management and Business Development
Coach / Mentor newer / less experienced engagement team members.
Develop and maintain team, onshore and client relationships to manage expectations of service, including the quality, timing, and deliverables.
Identify any potential business opportunities on the engagement / account and endorse GDS Managers and / or Leaders for further business development activities.
Practice Development :
Comply with mandatory training and internal risk management requirements.
Identify and report any internal process improvement opportunities.
Facilitate virtual / classroom trainings to the broader Tech Risk team
Actively contribute to and / or lead initiatives and internal committees.
Skills and attributes for success :
1. At least4-6yearexperience in auditing / reviewing :
IT General Controls across different platforms (Application, Operating System, Database) related to the following areas / domains :
User Access Management
Backup and Recovery Management
Batch Job Management
Problem / Incident Management
System development / acquisition, migration and implementation.
IT Application / Automated Controls related to various business processes such as Procure to Pay, Order to Cash, Inventory, Payroll, Treasury, Record to Report, etc.
System-Generated Report / Information Produced by Entity (IPE) testing.
IT SOX, IT Internal Audit, Service Organization Controls (SOC), Information Security review and / or Cloud Security review / testing.
2. Exposure to and / or working knowledge on the following :
ERP / Application systems particularly SAP ECC / S4Hana and Oracle EBS / Fusion.
Operating Systems (Windows Server, UNIX / Linux, OS / , etc.)
Databases (Microsoft SQL, Oracle SQL, DB2, SAP HANA, etc.)
Cloud technologies (PaaS, SaaS, virtualization, etc.)
3. Familiarity with leading industry standards and frameworks such as SSAE 16 / ISAE , ISO / IEC , COBIT, ITIL, COSO etc.
4. Experience in supervising staff or engagement team.
5. Strong communication, correspondence, presentation / facilitation and coaching skills with at least one of the following professional certifications : CISA, CISM, CIA.
To qualify, you must :
possess a bachelor's degree in Accounting, Computer Science, Information Systems, Engineering, or other related discipline.
have prior work experience as IT Audit Supervisor, IT Compliance Lead, IT Internal Lead, Information Risk Sr. Consultant, Information Security Supervisor or other related roles.
be amenable to work in McKinley Hill, Taguig City.
be amenable to work long working hours, particularly during the busy season and when necessary.
possess a valid passport.