Develop an understanding of the RSM Technology Risk Consulting approach, methodology and tools
Develop an understanding of the Industry leading frameworks and methodologies for Sarbanes-Oxley, COBIT, NIST and ITIL
Demonstrate understanding of business processes, internal control risk management, IT controls, and related regulatory and compliance standards
Perform technology risk assessments and reviewing, documenting, evaluating control's design and operating effectiveness, IT internal audit consulting activities (internal audits over ERP systems, IT security, and other IT systems)
Perform external audit assurance activities, and perform service organization control services activities related to SSAE18 SOC 1 and SOC 2 reporting services
Performing risk analysis by reviewing the information security policy documents against industry standards/ regulatory requirements and drafting risk reports, which summarize the information security assessment including any risks to the organization
Perform first level review of associates work for accuracy, completeness, and well-reasoned conclusions
Review and complete status documents for client delivery
Use problem solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw the appropriate conclusions to best advise our clients
Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements
Ensure that documentation is compliant with quality standards of the firm
Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, supervisors, and senior management on a daily basis
Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients
Provide timely , high quality client service that meets or exceeds client expectations including coordinating the development and execution of the consulting work plan and client deliverables
Ensure professional development through ongoing education
Required Qualifications:
Bachelor's or Master's Degree in business, management information systems, computer and information science, accounting or related discipline with minimum of 2-4 Years of relevant experience in Information
Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls and ERP Audits.
Candidate should have intermediate knowledge of financials, operations and technology and its related risks
Candidate should have good knowledge for SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security and risk management frameworks/ standards (ISO 27001, NIST, COBIT, ITIL, PCI.)
Requirements
Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP)
Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word and PowerPoint
MS Visio skills to develop process and data flow diagrams
Strong multi-tasking and project management skills
Excellent verbal and written communication
Additional Information
We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, culture and talent experience and our ability to be compelling to our clients. You'll find an environment that inspires and empowers you to thrive both personally and professionally. There's no one like you and that's why there's nowhere like RSM.
The Technology Risk Consulting Senior Associate will be an integral team member by assisting with planning engagements, conducting fieldwork, discussing findings and observations during client exit meetings, preparing work papers to support conclusions, reviewing staff work papers, and preparing written attestation reports. The candidate should have a strong knowledge-level of financial, operational, and/or information technology, internal controls, identifying risks and related controls, as well as performing test work of identified significant controls. The candidate should also be capable of conducting audit and attestation engagements independently and in-charging an engagement team.
Rsm · San Francisco