Risk Assurance Role - IT Audit/ISO Audit - Big4

We are looking out for professionals who are into IT audit / IT risk assurance /ISO audit/ IT Governance/ risk compliance. This position is open with one of our Big 4 client in Bangalore.

Candidates with 1-6 years of experience

Please find below the JD:

Key Responsibilities:

- Provide guidance and share knowledge with team members and participate in performing procedures especially focusing on complex, judgmental and/or specialized issues. Work with the team and the client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement

- Brief the engagement team on the client's IT environment and industry IT trends. Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations

- Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Understand EY and its service lines and actively assess what the firm can deliver to serve clients

- To qualify, candidates must have:

Professional with experience in Information Technology experience in the field of ITGCC, SOX Compliance,SSAE16.

- Expertise in IT SOX compliance, Proficiency in General IT Controls, Business Continuity management, SAP testing, applications controls and performing SAS70 Reviews.

- Risk based Internal Audits - Managing risk based internal audits

- IT strategy consulting services - IT strategy reviews and assistance in implementation of a value governance framework.

- Assisting in application security assessments, business cycle controls (BCCs) review, general computer controls (GCCs), Segregation of duties analysis.

- Security policy and procedure development in alignment with business needs

- Business Continuity Plans & Disaster Recovery (BCP/DR) - Conducting business Impact Analysis, Identify controls, Develop recovery strategy, plan testing, training and user awareness, and plan review and maintenance for development of effective business continuity management solutions .

- Service Delivery - Engagement planning, management, client report review and delivering client presentations.

- Knowledge Management- Developing work programs and methodologies to build specific competency and enhance value proposition.

- Team Building - Knowledge sharing, training, motivating and development of team members.

- Performing IT-GCC testing for multiple applications, Database Security Audits, SDLC & SQL Reviews, Process Automation, IT Asset Management, Software License Reviews, Operating Systems Security Audits for UNIX (Solaris, Linux, HP-UX, AIX), Windows

- Defining and performing Audit procedures to assess if any identified deficiencies in the application were exploited

Deepti Malik
Practice Lead