POSITION SUMMARY: Advisory IT Risk Experienced Associate POSITION SUMMARY: The Advisory IT Risk Experienced Associate is responsible for participating in a range of risk advisory projects for multiple public and private company clients across a variety of industries. Responsibilities include working in a team environment to execute and report on risk management, internal control and internal audit engagements that develop, assess, or improve the design and operating effectiveness of IT risk management and internal control activities. The Experienced Associate works closely with Partners, Principals, Managing Directors, Senior Managers, Directors, Managers, and Senior Associates, playing a key role in innovative project delivery and client relationship management. ESSENTIAL DUTIES AND RESPONSIBILITIES: Actively participate in client engagements from start to completion, with a focus on executing and reporting on assigned project tasks. Common engagements include, but are not limited to: co-sourced and outsourced IT internal audit, IT internal control assessments, IT risk management program assessments, tests of IT control design and operating effectiveness for Sarbanes-Oxley (SOX) and other compliance requirements, and helping clients design and implement IT controls.
Obtain an understanding of clients’ industry, objectives, strategy, operations, processes, IT systems, and controls.
Execute IT control design and operating effectiveness test procedures based on engagement scope, and client environment risk factors.
Bring an innovative and analytical mindset to help our clients solve business issues, and enable more efficient project execution.
Provide timely updates on the status of assigned tasks.
Work with the project team and client to deliver services in accordance with project leadership and client expectations (gather information, resolve problems, recommend internal control enhancement opportunities, etc.).
Develop and maintain good working relationships with clients and colleagues.
Communicate effectively (verbally and in writing) with clients and colleagues to successfully accomplish objectives, while portraying knowledge and confidence.
Work collaboratively with colleagues across Advisory Business Lines (ABLs) and with other Grant Thornton Service Lines (e.g., Audit Services and Tax Services).
Adhere to Firm policies, procedures, and methodologies, including strict protection of client confidentiality.
Participate in recruiting efforts.
Participate in relevant professional organizations (Institute of Internal Auditors, Information Systems Audit and Control Association, etc.).
Participate in business development activities and proposal development, as appropriate.
Meet or exceed defined performance metrics.
Domestic and/or international travel as required.
Other duties as assigned.
Bachelor's degree in Accounting, Finance, Information Technology, Management Information Systems, Business Intelligence, or related field. A Master’s degree is a plus.
A minimum of one year of related work experience with a professional services firm, or as part of a risk management, information security, or Internal Audit function.
Desire to pursue CISA, CISSP, CISM, CPA, CIA or other relevant license/certification. Having already passed the applicable examination a plus.
Experience in assessing the design and operating effectiveness of IT risk management or IT controls (IT general controls, application controls, interface controls, IT infrastructure controls, key report integrity, etc.) for Internal Audit, SOX compliance, System & Organization Control (SOC) reporting, or other risk management, compliance or assurance activities.
Understanding of current IT risk and control focus areas of external financial statement auditors (completeness and accuracy of key reports, level of precision, etc.).
Understanding of prevailing IT risk management and cybersecurity risk management standards (COBIT, NIST CSF, etc.).
Client service acumen, with a demonstrated ability to develop and maintain strong relationships.
Ability to work in a rapidly growing, fast-paced, interactive, results-based team environment.
Strong communication (oral, written and presentation) skills.
Strong analytical and project management skills.
Strong computer skills, including proficiency in Microsoft Visio and Office Suite applications.
Ability to travel as required.
Experience with any of the following a plus:
Assessing the configuration and controls of on-premise and cloud-based SAP systems (ECC, S/4 HANA, etc.), including BASIS and security administration, process controls, etc.
Assessing the configuration and controls of other on-premise and cloud-based Enterprise Resource Planning (ERP) systems and business applications (Oracle, Workday, Infor, NetSuite, etc.).
Assessing IT controls over cloud platforms (AWS, Azure, etc.), operating systems (OS/400, Windows, UNIX, etc.), database systems (Oracle, SQL, etc.), and IT infrastructure / network components.
Leveraging analytics and visualization solutions (PowerBI, Alteryx, ACL, IDEA, QlikView / QlikSense, Tableau, Spotfire, etc.).
Understanding Governance, Risk and Compliance (GRC) and Identity and Access Management (IAM) solutions.
Ability to travel on short notice and work additional hours as necessary.