Assistant Manager - IT Advisory - Vendor Risk Management - Big4

IT Advisory - AM Position

Projects in IT Advisory focus on the assessment and/or evaluation of IT systems/ processes and the mitigation of IT-related business risks. As part of vendor risk management, this includes designing vendor information security risk management framework, performing vendor reviews focused on different standards such as ISO27001, ISO22301, ISO31000 and domains such as information security, business continuity and privacy.

Responsibilities

- Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables to conduct vendor information security reviews, define approach for vendor assessment and develop vendor evaluation model.

- Serve as a fieldwork leader by directing the daily progress of fieldwork, informing supervisors of engagement status, and managing staff performance.

- Use knowledge of the current IT environment and industry IT trends to identify the engagement and client service issues, and communicate this information to the project manager.

- Provide guidance and share knowledge with team members and participate in performing procedures especially focusing on complex, judgmental and/or specialized issues.

- Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables.

- Demonstrate a thorough understanding of complex information systems and apply it to client situations.

- Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed.

- Demonstrate strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services.

- Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding project's progress.

To qualify, candidates must have:

- A bachelor's degree in engineering and approximately 5-6 years of related work experience; or a master's or MBA degree in business, computer science, information systems, engineering, or a related discipline degree and approximately 4-5 years of related work experience

- Experience working in Information Security domain, vendor risk assessment domain, IT auditor or IT risk advisor with a professional services firm, or within industry

- Significant experience in having applied relevant technical knowledge in at least one of the following engagements: (a) Vendor information security program design/ review (b) ISO standards (ISO27001, ISO22301, ISO31000) implementation assistance or review

- Strong project management skills

- Advanced written and verbal communication skills and presentation skills

- Excellent leadership, teamwork and client service skills

CA, CISA, CISSP certifications are a plus.