JOB DETAILS:
Job Description & Summary
Today’s Information Technology and Corporate Governance business environment is more complex and more connected than ever before, bringing about unknown risks with new opportunities. Our Risk Assurance Service (RAS) professionals combine deep Information Technology and Corporate Governance expertise with leading technologies to help our clients improve their understanding of and responses to existing and emerging risks. Our RAS practice brings together specialist disciplines to give our clients the insight, foresight, and independent advice they need to build and safeguard the value of their businesses. The teams help transform the way our clients perceive - and navigate - risks, so that they can stay at the forefront of change.

Working with our Risk Assurance team to serve leading clients in key industries, the successful candidate will gain exposure to a wide variety of complex Information Technology and Corporate Governance environments that come along with immense learning opportunities. Assignments will include performing information technology risk assessments and controls reviews, corporate governance reviews, business process analyses, internal audits, cyber security assessments and assurance/audit related work.
• As a Manager, you will plan and lead the delivery of various IT risk and cyber security related projects covering in summary:
• Understanding and documenting client’s key business processes, underlying business applications and IT controls designed, implemented and operated to address IT risks.
• Performing risk assessment including classifying identified risk based on likelihood of occurrence/ magnitude and prioritizing the same
• Reviewing client’s IT policies and procedures against industry best practices and standards (ISO 27001/27002, COBIT 5, ISF’s SoGP, PCI DSS).
• Reviewing the client’s IT governance structure for compliance with standards and best practices including IT/ digital strategies, IT steering committee efficiency and effectiveness, IT value and delivery practices, IT risk management, IT organizational structures, IT staff competencies etc.
• Providing continuous and point in time quality assurance and project management services for various client system implementations, throughout the project lifespan (covering business requirement gathering, vendor and system selection, system design, construct and/or customization, testing (functional and nonfunctional), data migration, cutoff/ go live, post implementation).
• Performing ERP (SAP, Oracle, JDE and Navision) and core banking system (Flexcube, Finacle, BASIS, T24) control reviews.
• Performing information security reviews including IT general controls review (identify and access management, IT change management, data backup and recoverability, IT incident and problem management), application-level controls reviews (access rights and segregation of duties controls, automated controls, interfaces, system reports testing, etc.) on various tiers of applications including core banking systems and billing systems; network security reviews, operating system security reviews, database security reviews etc.
• Performing data analysis for data integrity tests and data analytics for revenue assurance using queries (SQL and Python) and computer-aided audit tools (ACL and Alteryx).
• Testing of system-driven financial statement balances for accuracy, completeness, occurrences and cut-off financial assertions.
• Performing IT value-for-money (VFM) audits.
• Performing reviews of disaster recovery and business continuity policies, programmes and practices against best practices and standards (ISO 22301).
• Performing IT vulnerability assessments and penetrating testing on web, mobile applications and networks.
• Performing cyber security maturity assessments.
• Be part of a team that performs other Risk Assurance related services including corporate governance reviews, enterprise risk management related work, internal audits, third party assurance services etc. as would be advised by the business unit leader.
• Build client relationships through engagements based on trust, identifying opportunities to help clients resolve their challenges, and supporting the engagement sales process.
• Collaborate with colleagues across different competences within the firm.
• Manage staff competency development, engagement resourcing and performance evaluation to promote highly motivated and inspired teams responsible for delivering digital trust and cybersecurity/ privacy assignments.
• Highly confident and resilient, comfortable asserting yourself with senior clients (Executive and Board level)
• Strong technical skills and knowledge (i.e. 5 years + experience) and proven ability providing IT risk assurance and corporate governance services
• Solid financial and commercial acumen and understanding
• Excellent presentation skills and experience planning and facilitating workshops with senior level audiences
• Robust diligence, ability to pay close attention to detail and strong report-writing skills
• Ability to innovate and think laterally
• Strong inter-personal communication skills with ability to build trust and rapport with diverse internal and external stakeholders
• Ability to manage multiple simultaneous projects
• Proven team management skills, including coaching and development of junior resources
• Ability to work as part of a team and independently with little management oversight
• Commercially focused and strong business development skill
• Comprehensive understanding of financial and non-financial systems, platforms and infrastructure (operating systems and databases), IT and cyber risks and controls testing, IT frameworks and standards (NIST, ISO 27001, ITIL, COBIT etc.)
• Comprehensive understanding of auditing and assurance standards, financial statement assertions and IT controls (general and application) relevant to assertions and financial reporting.