Main duties & responsibilities
Managing the execution of third party assurance audits (SOC 1, SOC 2, SOC 3).
Leading IT risk advisory teams responsible for delivering IT risk consulting projects – IT SOX, IT Security, ERM, BCP, Cloud etc.
Planning and managing the execution of ITGC audits across a range of client systems. Analysing and testing the IT General controls over critical applications (SAP ECC, SAP GRC, Oracle, Mainframe, Microsoft Dynamics) Database (Oracle, SQL) and overall network infrastructure (Windows server and Windows Active Directory).
Providing subject matter expertise to clients on IT security, resiliency and transformation projects.
Preparing client reports and proposals detailing scope, work performed, insights and recommendations.
Liaising and managing domestic and global client stakeholder relationships and internal senior stakeholder relationships to optimise client delivery, embedding of relationships and business development agenda
Supporting internal senior management stakeholders with ad hoc IT risk project requests.
Requirements/ Essential Skills / Attributes
Qualifications in information systems auditing (CISA, CISSP or similar)
Relevant industry experience, with an interest in professional services environment
5+ experience in information systems auditing, internal controls/ compliance
Extensive experience of COBIT, ITIL, NIST and COSO control frameworks and application of same
Strong third party assurance capabilities will an ability to navigate complex IT control environments coupled with an understanding of ISAE3402/ ISAE 3000/ SSAE18 regulations and trust service principle requirements
Strong client service skills and an interest in providing IT and business advisory services to clients
Good project management skills, and the ability to plan and manage projects with several staff
Excellent written and oral communication skills, and attention to detail
Good technical IT knowledge, including a knowledge of networking, IT security, operating systems and financial applications
