Job Description
We are seeking a highly skilled IT Risk & Enterprise Services professional with a strong focus on Management & Control Testing. As a key member of our team, you will play a vital role in assessing the effectiveness of internal controls, identifying potential risks, and recommending improvements to enhance the organization’s risk management framework.
Key Responsibilities:
- Risk Assessment and Planning:
- Develop and execute risk assessments to identify key risks and control areas.
- Develop comprehensive test plans and procedures to assess the design and operating effectiveness of controls.
- Control Testing:
- Perform detailed testing of key controls across various IT domains, including:
- Application controls (e.g., input controls, processing controls, output controls)
- General IT controls (e.g., access controls, change management, system development and maintenance controls)
- Infrastructure controls (e.g., network security, data center controls)
- Utilize a variety of testing techniques, such as walkthroughs, inquiries, inspections, re-performance, and data analysis.
- Perform detailed testing of key controls across various IT domains, including:
- Issue Identification and Reporting:
- Identify control deficiencies and potential risks.
- Document findings clearly and concisely in a professional manner.
- Prepare detailed reports summarizing test results, control observations, and recommendations.
- Follow-up and Remediation:
- Monitor the remediation of identified control deficiencies.
- Verify the effectiveness of corrective actions implemented by management.
- Continuous Improvement:
- Stay updated on industry best practices, regulatory requirements, and emerging risks.
- Proactively identify opportunities to enhance the organization’s risk management and control framework.
Required Skills and Experience:
- Strong understanding of IT risk management frameworks (e.g., COBIT, ISO 27001, NIST Cybersecurity Framework)
- Experience in performing IT audits and control assessments
- Knowledge of relevant regulatory requirements (e.g., SOX, GDPR, HIPAA)
- Proficiency in using data analysis tools (e.g., SQL, Excel)
- Strong analytical and problem-solving skills
- Excellent communication and interpersonal skills
- Ability to work independently and as part of a team
Preferred Skills:
- Certification in IT audit or risk management (e.g., CISA, CISM, CRISC)
- Experience with IT automation tools (e.g., RPA, scripting languages)
- Knowledge of emerging technologies and their associated risks (e.g., cloud computing, AI, IoT)
If you are a highly motivated and detail-oriented individual with a passion for IT risk management, we encourage you to apply.