Engagement Management :
Understand the process workflow related to work requests from initiation through completion, understand how workflow is managed within the firm's workflow management tool, understand optimal and required manner in which to document results of work performed
Perform IT related controls testing and evaluation for Information Systems
Prepare test procedures based on control requirements and documentation of test results based on testing performed
Report control deficiencies identified, to team Senior / Manager
Client Service Delivery
Provide high quality client service, working directly with clients to understand management expectations, evaluate the current risk management environment, and design and implement solutions to identify, assess and respond to strategic risks and improve risk management capabilities across their enterprise.
Working predominantly on off-shore engagements and relevant Big 4 teams. Communication, written and verbal, with these teams would be expected.
This communication would include emphasizing
BS Accountancy / Computer Science / Information Technology / Computer Engineering
2+ years of hands-on experience in the multiple areas of IT audits, SOX / ICFR / IFC / SAS 70 / SSAE / SOC, IT Financial Audit and Business Automated Controls, IT Risk consulting or any other regulatory / compliance audits
Experience in delivering result oriented solutions to Senior Management and Boards of Directors.
Knowledge of IT Security aspects towards key areas like Cloud Computing, Cyber Risks, Network Security, database management systems, SDLC, IT general controls (ITGC), COBIT, COSO 2013.
Excellent written and oral communication skills e.g. presentation to top management and report writing
Experience in managing professional service engagement teams
Certifications of CISA, CISSP, CISM, ISO27001 preferred
Good Exposure in :
IT General Controls across platforms (Application, OS, DB) for following areas :
User Access Management
Backup and Recovery Management
Batch Job Management
Problem / Incident Management
Business Process cycles (Purchase to Payable; Revenue & Receivables; Inventory; Payroll; Treasury)
Generally accepted audit standards, and Corporate Internal Audit standards
Experience with SOX, Internal Audit and SSAE 16 (At least 1 of 3)
Working knowledge of :
System architecture, business processes and system risks
Operating system and database platforms (such as Windows, Unix, OS400, Mainframe, SQL, Oracle, DB2 etc.)
Good understanding of industry standards and frameworks such as ISO / IEC 27001, COBIT, ITIL, COSO etc.