Within MBAF’s IT Risk Advisory and Assurance practice, staff level resources participates in client engagement teams and other related activities. Engagements focus on the assessment and/or evaluation of Information Technology (IT) systems and the mitigation of IT-related business risks. Engagements may be either risk advisory and / or assurance (attestation) nature, and vary in size and complexity. Our IT Risk Advisory services and professionals help our clients to establish and/or improve IT internal controls and helping to improve IT and business performance. In addition to IT risk and controls management and readiness, MBAF’s IT risk advisory services focus on Cybersecurity; IT governance; IT program management and oversight; Data privacy, protection and governance; and security and controls of Enterprise Resource Planning (ERP) implementations.
This professional serves as a part of the team to assist clients in establishing and improving IT risk and controls as well as employing proper information systems, resources, and controls to maximize efficiencies and minimize risk. The successful candidate will work with client personnel, under the direction of a supervisor to analyze, evaluate, and enhance information systems facilitating the business internal control process, and will assist clients and other IT Risk Advisory professionals in performing information technology and security engagements.
- Collaborate with other members of the engagement team to document the information technology process, risks and controls.
- Demonstrate an understanding of information systems. Use knowledge of the current IT environment and industry IT trends to identify key issues and opportunities for improvement, and communicate this information to the engagement team through written correspondence and verbal presentations.
- Demonstrate willingness to lear, inspire teamwork and responsibility with engagement team members, and use current technology and tools to enhance the effectiveness of deliverables and services
To qualify, candidates must have:
- A bachelor’s degree and approximately 1-2 years of related work experience; or a graduate degree.
- A degree that combines accounting and auditing with information systems and related disciplines.
- A minimum of 1 year of experience working as an IT auditor or IT risk advisor for a public accounting firm, a professional services firm, or as an IT security professional within industry
- Experience in applying relevant technical knowledge in at least one of the following engagements: (a) Providing IT support for financial statement audits; (b) IT SOX, internal or operational audits; (c) SSAE16 Attest engagements; and/or (d) ERP project management, security and control reviews (SAP, Oracle, PeopleSoft, Dynamics, etc.)
- Strong written and verbal communication skills and presentation skills
- Teamwork and client service skills
- Demonstrated integrity within a professional environment
- Successful candidates should be available to travel outside of their assigned office location approximately 25% of the time (including internationally), plus commute within the region. Successful candidates must work in excess of standard hours when necessary.
- Working towards CPA and CISA certification is preferred; other verifications would be considered: CA, CISSP, CISM, CBCP, CIA, CIPP, CGEIT.