EY GDS - Consultant - IT General Control

Your key responsibilities :

- Participate in IT Risk and Assurance engagements

- Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress

- Help prepare reports and schedules that will be delivered to clients and other parties

- Develop and maintain productive working relationships with client personnel

- Build strong internal relationships within Ernst & Young Consulting Services and with other services across the organization

- Obtain and review evidence of compliance for adherence to standards

- Obtain evidence and perform SOD analysis

- Collaboration with other Compliance Analysts to identify overlaps with complementary compliance frameworks

- Key domains of compliance controls, including change management, access to systems, networks and data, computer operations and systems development.

- Driving necessary system and process updates across key domains of compliance

- Management of IT security and IT risk (e.g., data systems, network and applications) across the enterprise.

- Assist with the development of policies, procedures and standards that meet existing and newly developed policy and regulatory requirements

- Assist with facilitating IT security/risk training curriculum.

- Work closely with cross-functional teams and develop strong relationships as project lead within IT security and GRC projects.

- Stay current with and promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise

- IT audit in the context of a financial audit, and related regulations, auditing standards and guidelines

- Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX

- Internal audit services with a specific focus on IT, and related industry standards

- Common IT governance, control and assurance industry frameworks, including COBIT, Risk IT, ValIT, IT Governance Institute and ISACA good practices

- IT industry frameworks such as ITIL and CMM

- Third party reporting standards (particularly SSAE16), other reporting and industry specific standards and, if applicable, trust-based standards such as SysTrust and WebTrust

Skills and attributes for success:

- Experience in evaluation of sensitive access and SOD based on business risks/ industry best practice risks for multiple ERPs.

- Experience in creation of SOD rulebooks based on the client business processes and applications

- Experience in role redesign based on the violations identified during the SOD tests.

- Application controls and security experience

- Security modelling

- Process systems and integrity, including risks and controls within business processes (manual, automated, security)