assistant manager- technical risk.

Designation: Assistant Manager

Business Unit: Assurance & Advisory

Location: Gurgaon, Chandigarh, Jaipur, Bangalore

Role:

You will be part of a team responsible for performing Information Technology (IT) risk assessments, process documentations, controls drafting, developing test scripts and test procedures and performing IT controls testing across audits / certifications such as SOX, SOC 1, SOC 2, HITRUST CSF, ISO 27001.

Client’s Risk Advisory practice is focused on assisting businesses navigate the evolving Information Technology (IT) risks landscape. Our team has a blend of experienced business and technology professionals from both industry and consulting who have a comprehensive understanding of risk.

We work with clients to focus on addressing risks, required compliances, resolving challenges in the control environment to help them achieve their business ambitions.

Your key responsibilities include-

• Plan, execute and manage client engagements.
• Regular interactions with client’s management, releasing status updates on engagements, leading kick-off and closure meetings.
• Leading walkthroughs / discussions on engagements.
• Performing and/or assisting team members in testing design, operating effectiveness, accuracy, and completeness of various IT General controls, IT Application Controls, Interfaces, IPEs, Data Migration in ERP Platforms for financial statement audits as per SOX / ICFR.
• Leading risk-based audits, integrated audits as per applicable statute, readiness assessments.
• Review / Lead IT risk assessments, drafting Risk and Control Matrix (RACM), process documentations such as process narratives and flowcharts for IT processes, applications, and interfaces.
• Review test procedures performed, test results and workpapers drafted by team members and provide them regular guidance to improve their work quality.
• Drafting comprehensive executive summaries and final reports / deliverables.
• Identifying control remediations and performance gaps, implementing/suggesting leading industry practices, reducing risks by adding adequate controls.
• Discussing test results with client’s management, process and application owners.
• Focus on emerging technology and digital solutions, strategic, operational, regulatory/compliance, and industry-related risks.

To excel in this role, you need -

• Prior consulting experience preferably in a consulting role with a Big 4 or top tier / mid accounting firm or multinational corporate.
• Ability to manage teams and provide them with required support and guidance.

• Take responsibility for the team’s deliverables and quality of work product.
• Experience in leading and executing SSAE 18 / ISAE 3402 engagements, particularly in third party reporting such as SOC 1, SOC 2, and SOC 3.
• Good understanding of SOX / ICFR, COSO / COBIT frameworks, ISO 27001, and/or GDPR.

• A good grasp on key operating systems such as Windows, Unix, and Linux and database such as MS SQL, MY SQL, Non-RDBMS and SDLC.
• Knowledge on how to test IT controls in the domains of access management, change management, operations, and development across the system landscape (Application, Server and Database levels).
• Good understanding of query languages.
• Knowledge on how to test integrations / interfaces between IT systems, checks for data completion and accuracy.
• Familiarity of cloud solution providers.
• Ability to document in detail the test procedures performed and results of testing.
• Ability to understand and interpret audit reports such as SOC 1 / SOC 2 and scope of certifications issued for service providers and their impact on current engagement.

It will be awesome if you -

• Like to work in a fast paced and dynamic environment.
• Enjoy working with teams, believe in supporting your team and building strong working relationships.
• Possess excellent communication and presentation skills.
• Like to keep pace with developing technologies and have excellent IT knowledge.
• Come with an excellent academic background.
• Are disciplined and committed to delivering assigned tasks within stipulated timelines.
• Have an analytical approach to work.
• Are good with working on Microsoft suite of applications specifically Visio.

You should be a -

• Postgraduate (PG)[1] (in IT / Information Security / Systems). Certifications[2] will be an advantage.

Work Experience: 4 – 6 years

Or

• Postgraduate (PG) (any discipline) with Relevant Work Experience[3] and / or with Certifications.

Work Experience: 4 – 7 years

[1] Postgraduate (PG): MBA / M.Tech / MCA / CA / CPA

[2] Certifications: CISA, CISSP, CISM, PCI DSS, HITRUST CSF, ISO 27001, CEH, Cloud – AWS / GCP / Azure.

[3] Relevant work experience: Experience in IT General Controls (ITGC) testing, IT Application Controls (ITAC) testing, ERP implementations, IT Risk Assessments, IT Internal Audits etc, SOC 1 / SOC 2 Audits, HITRUST Assessments.