IT Risk Advisory Senior Consultant

The Senior Consultant, IT Audit directs and conducts information technology audits, operational risk-based audits, and consulting engagements to include assessing risks, developing audit plans and programs, performing audits, and evaluating/reporting on internal controls. Ultimately, this Senior addresses the appropriate risks, helping our clients achieve optimal IT controls and operational efficiency. Specific responsibilities entail:

• Leading various engagements, such as SOX 404 compliance (ITGC focus), SOC 2 examinations, outsourced internal audit projects (ITGC focus), and technology/cybersecurity risk assessments.
• Gaining an understanding of assigned clients’ objectives as well as their regulatory and risk management environment.
• Developing strong working relationships and communicating effectively with clients.
• Setting priorities, ensuring daily coordination among the project team, and monitoring progress against schedules, budgets, project/task deliverables and status reporting.
• Obtaining and analyzing data as a basis for reviewing the adequacy, effectiveness, and efficiency of systems and processes.
• Leading IT general controls (ITGC) audits.
• Maintaining the level of technical competency and professional care required for the completion of assignments in accordance with auditing standards and related control techniques.
• Evaluating processes and controls for compliance with relevant existing or proposed laws and regulations, established policies, plans and procedures.
• Determining how to audit “through the computer” during financial and operational audits.
• Assessing internal controls’ design adequacy to mitigate financial, operational and compliance risks and to test their operating effectiveness.
• Preparing audit reports and recommending improvements to IT controls and operational processes.
• Delivering oral and written presentations during and at the conclusion of audits.
• Presenting findings, risk analyses, and recommendations to executive leadership.
• Planning, reviewing and providing direction for the work of Staff Consultants.
• Staying abreast of new technology, emerging risk areas and related control techniques.
• Participating in pre-and post-implementation control reviews of major system development proposals.
• Appraising the adequacy of corrective actions taken to remediate deficiencies identified during audits.
• Providing exceptional service to clients remotely and in-person, always serving as a positive brand ambassador.

Required Qualifications:

• Bachelor’s and/or Master’s degree in Management Information Systems, Computer Science, Information Technology, Cybersecurity, or another relevant field.
• Willingness to become a CPA, CIA, CISA, and/or CISSP within two years of being hired.
• Minimum two (2) years of current or recent IT consulting and/or IT audit experience.
• Minimum one (1) year of current or recent commercial client consulting experience.
• Knowledge across the following technologies: AWS, Azure, Salesforce, Office 365, JIRA/Confluence, Active Directory, and Relational Databases (MySQL, SQL Server, etc.).
• Expertise with at least two of the following regulations/frameworks: SOX, SOC 1 & 2, NIST CSF, ISO 27001, HIPAA, PCI, COBIT and/or GDPR.
• Demonstrated knowledge of business risks and effective systems of internal controls.
• Working knowledge of operating policies and standards as well as compliance issues.
• Experience reviewing, considering, criticizing, and/or auditing IT and operational controls or process improvements.
• Project management experience including workflow balancing, activity scheduling, problem solving facilitation, prioritizing multiple complex tasks, and meeting deadlines.
• Unwavering integrity and ethics.
• Experience interacting with clients, establishing credibility, trust and healthy relationships.
• Demonstrable examples of innovative thinking and problem solving.
• Willingness and ability to travel to client sites across the country, as dictated by business need (possibly up to 25%).
• High level of motivation, organization, and commitment to professional development.
• Experience successfully working independently with minimal supervision and collaboratively.
• Strong communication skills with the ability to convey complex auditing information and business risks to non-technical audiences.
• Effective public speaking skills with the ability to prepare and deliver presentations.

Preferred Qualifications:

• Minimum four (4) years of current or recent IT consulting and/or IT audit experience.
• SOX 404, SOC 2, and cybersecurity consulting experience preferred.
• CISA, CIA, CPA, CISSP, CISM, CGEIT, and/or CRISC.
• Experience working on engagements for commercial clients across various industries.
• Demonstrable experience with AI and/or BI/analytics tools that improve audit efficiency and effectiveness.