GDS_Consulting Technology Risk Consultant
PHILIPPINES Teaching
Job description
Technology RiskConsultant
TechnologyRiskcovers all risk services where EY is providing independent assuranceand the preparation towards assurance to ourclients where the assurance can be usedby our clients to build confidence and trust with their customers, the generalmarket/public, key stakeholders or when regulatory(by law or oversight) or contractuallyrequired. Engagements focus on the assessment and/or evaluationof IT systems andthe mitigation of IT-related business risks. Engagements may be either assurance(attestation) and/or riskadvisory in nature, and vary considerably in size andcomplexity.
The Opportunity
All of our services whether assurance or advisoryin nature are designed for the dual
purpose of strengthening internal controls and, in so doing, helping to improve ITand
business performance. In addition to assurance-related engagements such as financialattestation and SSAE 16 engagements, our IT risk advisory services focus on IT
governance and effectiveness; IT program management and assurance; security and
controls of ERP implementations; and business intelligence and information analysis.
KEY RESPONSIBILITIES:
Engagement Service Delivery
· Provide high quality client service, working directly with onshore and/or client teams to understand and evaluate client’s IT environment and controls.
· Working predominantly on offshore engagements. Communication, written and verbal, with the local EY and/or client teams would be expected.
· Adhere to EY audit methodologies and tools.
· Prepare, execute and document test procedures and results based on control requirements.
· Report control deficiencies identified to engagement team Senior/Manager and evaluate the overall impact.
· Identify opportunities for improvement/provide recommendations to mitigate the control deficiencies noted.
Coaching and Relationship Management
· Coach/Mentor newer/less experienced engagement team members.
· Develop and maintain team and client relationships to manage expectations of service, including the quality, timing, and deliverables.
Practice Development:
· Comply with mandatory training and internal risk management requirements.
· Identify and report any internal process improvement opportunities.
· Actively contribute to initiatives and internal committees.
Skills and attributes for success:
·
· At least 1-3 years’ experience in auditing/reviewing:
· IT General Controls across different platforms (Application, Operating System, Database) related to the following areas/domains:
· User Access Management
· Change Management
· Backup and Recovery Management
· Batch Job Management
· Problem/Incident Management
· System development/acquisition, migration and implementation.
· IT Application/Automated Controls related to various business processes such as Procure to Pay, Order to Cash, Inventory, Payroll, Treasury, Record to Report, etc.
· System-Generated Report/Information Produced by Entity (IPE) testing.
· IT SOX, IT Internal Audit or Service Organization Controls (SOC) testing.
ØExposure to the following technologies:
· ERP/Application systems particularly SAP ECC/S4Hana and Oracle EBS/Fusion.
· Operating Systems (Windows Server, UNIX/Linux, OS/400, etc.
· Databases (Microsoft SQL, Oracle SQL, DB2, SAP HANA, etc.)
ØFamiliarity with leading industry standards and frameworks such as SSAE 16/ISAE 3402, ISO/IEC 27001,COBIT, ITIL, COSO etc.
ØStrong communication, correspondence and presentation skills.
ØPreferably with at least one of the following professional certifications: CISA, CISM, CIA.
To qualify,you must:
· possess a bachelor's degree in Accounting, Computer Science, Information Systems, Engineering, or other related discipline.
· have prior work experience as IT Auditor, IT Compliance Specialist, IT Internal Auditor Information Risk Consultant, Information Security Analyst or other related roles.
· be amenable to work in McKinley Hill, Taguig City.
· be amenable to work long working hours, particularly during the busy season and when necessary.
· possess a valid passport.
Technology RiskConsultant
TechnologyRiskcovers all risk services where EY is providing independent assuranceand the preparation towards assurance to ourclients where the assurance can be usedby our clients to build confidence and trust with their customers, the generalmarket/public, key stakeholders or when regulatory(by law or oversight) or contractuallyrequired. Engagements focus on the assessment and/or evaluationof IT systems andthe mitigation of IT-related business risks. Engagements may be either assurance(attestation) and/or riskadvisory in nature, and vary considerably in size andcomplexity.
The Opportunity
All of our services whether assurance or advisoryin nature are designed for the dual
purpose of strengthening internal controls and, in so doing, helping to improve ITand
business performance. In addition to assurance-related engagements such as financialattestation and SSAE 16 engagements, our IT risk advisory services focus on IT
governance and effectiveness; IT program management and assurance; security and
controls of ERP implementations; and business intelligence and information analysis.
KEY RESPONSIBILITIES:
Engagement Service Delivery
· Provide high quality client service, working directly with onshore and/or client teams to understand and evaluate client’s IT environment and controls.
· Working predominantly on offshore engagements. Communication, written and verbal, with the local EY and/or client teams would be expected.
· Adhere to EY audit methodologies and tools.
· Prepare, execute and document test procedures and results based on control requirements.
· Report control deficiencies identified to engagement team Senior/Manager and evaluate the overall impact.
· Identify opportunities for improvement/provide recommendations to mitigate the control deficiencies noted.
Coaching and Relationship Management
· Coach/Mentor newer/less experienced engagement team members.
· Develop and maintain team and client relationships to manage expectations of service, including the quality, timing, and deliverables.
Practice Development:
· Comply with mandatory training and internal risk management requirements.
· Identify and report any internal process improvement opportunities.
· Actively contribute to initiatives and internal committees.
Skills and attributes for success:
·
· At least 1-3 years’ experience in auditing/reviewing:
· IT General Controls across different platforms (Application, Operating System, Database) related to the following areas/domains:
· User Access Management
· Change Management
· Backup and Recovery Management
· Batch Job Management
· Problem/Incident Management
· System development/acquisition, migration and implementation.
· IT Application/Automated Controls related to various business processes such as Procure to Pay, Order to Cash, Inventory, Payroll, Treasury, Record to Report, etc.
· System-Generated Report/Information Produced by Entity (IPE) testing.
· IT SOX, IT Internal Audit or Service Organization Controls (SOC) testing.
ØExposure to the following technologies:
· ERP/Application systems particularly SAP ECC/S4Hana and Oracle EBS/Fusion.
· Operating Systems (Windows Server, UNIX/Linux, OS/400, etc.
· Databases (Microsoft SQL, Oracle SQL, DB2, SAP HANA, etc.)
ØFamiliarity with leading industry standards and frameworks such as SSAE 16/ISAE 3402, ISO/IEC 27001,COBIT, ITIL, COSO etc.
ØStrong communication, correspondence and presentation skills.
ØPreferably with at least one of the following professional certifications: CISA, CISM, CIA.
To qualify,you must:
· possess a bachelor's degree in Accounting, Computer Science, Information Systems, Engineering, or other related discipline.
· have prior work experience as IT Auditor, IT Compliance Specialist, IT Internal Auditor Information Risk Consultant, Information Security Analyst or other related roles.
· be amenable to work in McKinley Hill, Taguig City.
· be amenable to work long working hours, particularly during the busy season and when necessary.
· possess a valid passport.