Senior IT Risk Consulting Associate

The Senior Associate in IT SOX within Technology Risk Consulting

The Senior Associate in IT SOX within Technology Risk Consulting plays a vital role in assessing and enhancing IT controls to ensure Sarbanes-Oxley (SOX) compliance and regulatory adherence. This client-facing position involves performing IT audit activities, including evaluating IT General Controls, Application Controls, and SOC 1 & SOC 2 reporting. The role demands strong analytical skills, knowledge of frameworks like COBIT, NIST, and ISO 27001, and hands-on experience with ERP audits and risk management. Excellent communication, project management skills, and a commitment to delivering high-quality consulting services are essential for success in this dynamic and Key Responsibilities :

- Develop an understanding of the Technology Risk Consulting approach, methodology and tools

- Develop an understanding of the Industry leading frameworks and methodologies for Sarbanes-Oxley, COBIT, NIST and ITIL

- Demonstrate understanding of business processes, internal control risk management, IT controls, and related regulatory and compliance standards

- Perform technology risk assessments and reviewing, documenting, evaluating controls design and operating effectiveness, IT internal audit consulting activities (internal audits over ERP systems, IT security, and other IT systems), perform external audit assurance activities, and perform service organization control services activities related to SSAE18 SOC 1 and SOC 2 reporting services

- Performing risk analysis by reviewing the information security policy documents against industry standards/ regulatory requirements and drafting risk reports, which summarize the information security assessment including any risks to the organization

- Perform first level review of associates work for accuracy, completeness, and well-reasoned conclusions

- Review and complete status documents for client delivery

- Execute components of IT audits under offshore delivery model in an effective and efficient manner

- Use problem solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw the appropriate conclusions to best advise our clients

- Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements

- Ensure that documentation is compliant with quality standards of the firm

- Work collaboratively as a part of the team and communicate effectively with consulting professionals, supervisors, and senior management in the U.S. on a daily basis

- Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients

- Provide timely, high quality client service that meets or exceeds client expectations including coordinating the development and execution of the consulting work plan and client deliverables

- Understand and Intergrated Services India Private Limited. LOBs and work as a team in providing an integrated service delivery

- Ensure professional development through ongoing and Minimum Entry Requirements :

- B.Tech/MCA/MBA with 3 - 5 Years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT

Audits, IT General Controls, IT Application Controls and ERP Audits.

- Candidate should have intermediate knowledge of financials, operations and technology and its related risks

- Candidate should have good knowledge for SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security and risk management frameworks/ standards (ISO 27001, NIST, COBIT, ITIL, PCI.)

- Qualified to pursue a job-relevant certification (CIA, CISA, CMA, ISO, CRISC, CISSP)

- Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word and PowerPoint

- MS Visio skills to develop process and data flow diagrams

- Strong multi-tasking and project management skills

- Excellent verbal and written communication (English) as this a client facing role and it requires frequent communications with International clients.

(ref:hirist.tech)

---