Position Summary:
The Advisory IT Risk – Senior Associate is an integral team member who is responsible for delivering a variety of IT-oriented Risk Advisory projects to multiple public and private company clients across a variety of industries. Responsibilities include planning, executing, and reporting on internal control and internal audit engagements that develop, assess, or help improve the design and operating effectiveness of IT risk management and internal control activities. The Senior Associate works closely with Partners, Principals, Managing Directors, Senior Managers, Directors, and Managers, and plays a key role in innovative project delivery, client relationship management, and business development.
Key Responsibilities:
- Support engagement Manager and/or Senior Manager/Director in preparing and managing engagement project plans, timelines, budgets, economics, and status reporting.
- Adhere to Firm policies, procedures, and methodologies, including strict protection of client confidentiality.
- Participate in relevant professional organizations (ISACA, etc.).
- Actively participate in and lead client engagements from start to completion, which includes planning, executing, and reporting on co-sourced and out-sourced IT internal audits, IT internal control reviews, IT risk management program assessments, and tests of IT controls (IT general controls, application controls, interface controls, key reports, etc.) as part of management’s internal control over financial reporting (ICFR) Sarbanes-Oxley (SOX) compliance program.
- Work with client to deliver services in accordance with project leadership and client expectations (gather information, resolve problems, recommend internal control enhancement opportunities, etc.).
- Apply knowledge of IT trends, systems, and processes to evaluate findings for significance and risk, and develop recommendations for improvement based on leading practice.
- Work collaboratively across Advisory Business Lines (Risk, Strategy and Transaction and Transformation) and with other Service Lines (e.g., Audit Services and Tax Services).
- Obtain an understanding of clients’ business, objectives, strategy, operations, processes, IT systems, and controls.
- Bring an innovative and analytical mindset to help our clients solve business issues and enable more efficient project execution.
- Develop and maintain good working relationships with colleagues and clients.
- Supervise, train, and mentor Associates and Interns on engagements, and assess performance and provide feedback.
- Develop and execute IT internal audit workplans and control test procedures based on engagement scope and client environment risk factors.
- Participate in recruiting efforts.
Required Education & Experience:
- Experience with assessing GRC and Identity and Access Management (IAM) solutions a plus.
- Strong understanding of IT general controls and current focus areas of external financial statement auditors (completeness and accuracy of key reports, level of precision, etc.).
- CISA, CISSP, CISM, or CPA license/certification preferred.
- Experience assessing the configuration and controls of SAP ECC, S/4 HANA, etc. (BASIS and security administration, process controls, etc.) is a strong positive.
- Two (2) to six (6) years of related work experience with a professional services firm, or as part of a Company’s Internal Audit, Internal Controls Risk Management, Information Security or Risk Management functions.
- Experience assessing the configuration and controls of Enterprise Resource Planning (ERP) systems (SAP, Oracle, PeopleSoft, JD Edwards, etc.) a plus.
- Controls experience surrounding on-premise and cloud-based Enterprise Resource Planning (ERP) systems and business applications (Oracle, Workday, Infor, NetSuite, etc.).
- Understanding of prevailing IT risk management and cybersecurity risk management standards (COBIT, NIST CSF, etc.).
- Experience in assessing the design and operating effectiveness of IT risk management and IT controls (IT general controls, application controls, etc.) for Internal Audit, SOX compliance, or other risk management activities.
- Bachelor’s degree in Information Technology, Management Information Systems, Accounting, Finance, Business Intelligence, or related field. A Master’s degree is a plus.
- Experience with assessing at least one (preferably multiple) operating system (OS/400, Windows, UNIX, etc.), database system (Oracle, SQL, etc.), and IT infrastructure / network component (domain controllers, firewalls, routers, intrusion prevention / detection solutions, etc.).