FS-RISK CONSULTING-DIGITAL RISK-MANAGER

JOB DESCRIPTION--Manager -FS TR- ITC - Tech Risk

Job Summary

As a TR-ITC manager , you ll contribute technically to Risk Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You ll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you ll anticipate and identify risks within engagements and share any issues with stakeholders as required.

In line with EY s commitment to quality, you ll confirm that work is of high quality and is reviewed by the next-level reviewer(client/onshore). As an influential member of the team, you ll help to create a positive learning culture, coach and counsel junior team members and help them to develop.

Your key responsibilities

• Participate in IT Risk and Assurance engagements.
• Proficiency in using audit software tools, data analytics techniques, and IT auditing techniques. Strong analytical skills are necessary for interpreting technical data, identifying patterns, anomalies, and areas of concern.
• Understanding of regulatory requirements and industry standards related to IT governance, data protection, privacy, and cybersecurity. This includes regulations such as GDPR, HIPAA, PCI-DSS, and industry frameworks like COBIT and NIST Cybersecurity Framework.
• Knowledge of IT governance principles, structures, and processes to ensure that IT activities align with business objectives, comply with regulations, and mitigate risks appropriately.
• Proficiency in identifying, assessing, and managing IT-related risks to ensure that adequate controls are in place to mitigate potential threats to the organizations information assets, systems, and operations.
• Familiarity with IT auditing principles, techniques, and tools to assess the effectiveness of IT controls, identify control deficiencies, and recommend remediation actions.
• Proficiency in understanding IT systems, networks, applications, and infrastructure to design and implement controls effectively. This includes knowledge of common technology platforms, such as operating systems, databases, cloud services, and cybersecurity tools.
• Strong project management skills are necessary for planning, coordinating, and executing internal control initiatives effectively. This includes managing resources, timelines, budgets, and deliverables to ensure that control objectives are achieved in a timely and efficient manner.
• The ability to lead and mentor a team of IT control professionals, providing guidance, support, and development opportunities. Strong leadership qualities include decision-making, delegation, conflict resolution, and fostering a collaborative work environment.
• Building and maintaining effective relationships with key stakeholders, including senior management, IT leadership, internal auditors, external auditors, and regulatory authorities. This involves understanding stakeholder expectations, managing communications, and addressing concerns in a collaborative and constructive manner.
• Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress
• Establish Cloud process, risk, and control metrics that prioritize high-risk services and capabilities and are designed to be monitored, ensuring risk reduction can be accurately measured in real time
• Lead risk assessments and control testing for applications and workloads being migrated to Cloud, to identify potential security risks and compliance gaps.

Skills and attributes for success

• Experience in application controls and Information security experience.
• Ability to build relationships with key stakeholders across different levels of seniority.
• Strong written and verbal communication skills
• Conduct performance reviews and contribute to performance feedback for the team.

To qualify for the role, you must have

• Preferably Bachelor s degree in (Finance/Accounting, Electronics, Electronics Telecommunications, Comp. Science)/MBA/M.Sc./CA
• Minimum of 7-8 years of experience in internal controls and Internal Audit
• Enterprise risk services with specific focus on IT and related industry standards
• IT Risk Assurance framework
• Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX
• Preferred security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems
• Familiarity with IT analysis, delivery and operations methods, including ITGC, ITAC,SDLC, PAM and CM
• Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT
• Experience of security testing methods and techniques including network, operating and application system configuration review
• Application controls and security experience:
  • sensitive access and SOD testing
  • controls testing
  • Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc.
• Preferred Certifications: CISA

We believe that you should own and shape your career. But we ll provide the support and opportunities to develop the skills, knowledge and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you ll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

At EY, we re dedicated to helping our clients, from start-ups to Fortune 500 companies and the work we do with them is as varied as they are.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: