As an IT Risk Senior Associate, you will get the opportunity to grow and contribute to our clients' business needs by helping them understand their business risks and assist in addressing risk in both proactive and responsive contexts for the Risk, Compliance & Controls Practice – all with the resources, environment, and support to help you excel. You’ll collaborate with teams to execute and report on risk management, internal control and internal audit engagements that develop, assess, or improve the design and operating effectiveness of IT risk management and internal control activities. 
 
From day one, you’ll be empowered by the greater Risk team to help clients make the moves that will help them achieve their vision and help you achieve more, confidently.  

Your day-to-day may include: 

Actively participate in client engagements from start to completion, with a focus on executing and reporting on assigned project tasks that include co-sourced and outsourced IT internal audit, IT internal control assessments, IT risk management program assessments, tests of IT control design and operating effectiveness for Sarbanes-Oxley (SOX) and other compliance requirements, and helping clients design and implement IT controls  Obtain an understanding of clients’ industry, objectives, strategy, operations, processes, IT systems, and controls  Execute IT control design and operating effectiveness test procedures based on engagement scope, and client environment risk factors  Bring an innovative and analytical mindset to help our clients solve business issues and enable more efficient project execution  Work with the project team and client to deliver services in accordance with project leadership and client expectations   Work collaboratively with colleagues across Advisory Business Lines (ABLs) and with other Grant Thornton Service Lines (e.g., Audit Services and Tax Services)  Meet or exceed defined performance metrics  Other duties as assigned 

You have the following technical skills and qualifications: 

Bachelor’s degree in Accounting, Finance, Information Technology, MIS, or a related field is required  Minimum 2 years of related work experience with a professional services firm, or part of an internal audit function  CISA, CISSP, CISM, CPA license/certification preferred  Understanding of IT risk management and cybersecurity risk management standards (COBIT, NIST CSF, etc.)  Experience in assessing the design and operating effectiveness of IT risk management and IT controls (IT general controls, application controls, etc.) for Internal Audit, SOX compliance, or other risk management activities  Experience assessing configuration and controls of ERP systems (SAP, Oracle, PeopleSoft, JD Edwards) a plus  Experience assessing configuration and controls of SAP ECC, S/4 HANA, etc. (BASIS and security administration, process controls, etc.) a plus  Strong understanding of IT general controls, and current focus areas of external financial statement auditors  Experience assessing GRC and Identity and Access Management (IAM) solutions a plus  Experience assessing at least one (preferably multiple) operating system (OS/400, Windows, UNIX, etc.), database system (Oracle, SQL, etc.), and IT infrastructure / network component (domain controllers, firewalls, routers, intrusion prevention / detection solutions, etc.)  Experience with ACL, IDEA, QlikView, QlikSense, Tableau, Spotfire, or other analytics and visualization solutions   Ability to execute multiple engagements and completing priorities in a rapidly growing team environment  Exceptional client service, communication, analytical, organizational and project management skills   Strong computer skills, including proficiency in Microsoft Visio and Office Suite applications  Can travel as needed 

 

#ITRisk