Description

IT Risk Advisory Manager lead information technology audits, operational risk-based audits and consulting engagements to include assessing risks, developing audit plans and programs, performing audits, and evaluating/reporting on internal controls. These Managers also conduct day-to-day project management activities on all their engagements including project plan development, status update deliveries to clients & internal leaders, and training & mentoring of Staff and Senior Consultants. Specific responsibilities entail:

• Gaining an understanding of assigned clients’ objectives as well as their regulatory and risk management environment.
• Communicating extensively with clients to drive expectations and report on the status of ongoing projects.
• Setting priorities, ensuring daily coordination among the project team, and monitoring progress against schedules, budgets, project/task deliverables and status reporting.
• Planning, reviewing, and providing direction for the work of Staff and Senior Consultants.
• Managing and motivating Consultants with various backgrounds and skill sets.
• Obtaining and analyzing data as a basis for reviewing the adequacy, effectiveness, and efficiency of systems and processes.
• Leading IT general controls (ITGC) audits.
• Maintaining the level of technical competency and professional care required for the completion of assignments in accordance with auditing standards and related control techniques.
• Evaluating processes and controls for compliance with relevant existing or proposed laws and regulations, established policies, plans and procedures.
• Assessing internal controls’ design adequacy to mitigate financial, operational and compliance risks and to test their operating effectiveness.
• Developing and implementing audit programs and procedures, then reviewing each for adequacy.
• Preparing audit reports and recommending improvements to IT controls and operational processes.
• Delivering oral and written presentations during and at the conclusion of audits.
• Presenting findings, risk analyses, and recommendations to executive leadership.
• Staying abreast of new technology, emerging risk areas, and related control techniques.
• Appraising the adequacy of corrective actions taken to remediate deficiencies identified during audits.
• Participating in pre-and post-implementation control reviews of major system development proposals.
• Providing exceptional service to clients, always serving as a positive brand ambassador.
• Maintaining a network of industry contacts and establishing new long-term relationships.
• Contributing to business development activities.
  
  

Qualifications

Required Qualifications:

• Bachelor's and/or Master’s degree in Management Information Systems, Computer Science, Information Technology, Cybersecurity, or another relevant field.
• Information Systems Auditor Certification (CISA).
• Minimum of five (5) years of current or recent IT Audit, IT Risk, and/or IT Compliance experience including at least one (1) year with a consulting firm.
• Minimum of one year of current or recent experience servicing commercial consulting clients.
• Knowledge across the following technologies: AWS, Azure, Salesforce, Office 365, JIRA/Confluence, Active Directory, and Relational Databases (MySQL, SQL Server, etc.).
• Expertise with at least two of the following regulations/frameworks: SOX, SOC 1 & 2, NIST CSF, ISO 27001, HIPAA, PCI, COBIT and/or GDPR.
• Demonstrated knowledge of business risks and effective systems of internal controls.
• Working knowledge of operating policies and standards as well as compliance issues.
• Experience reviewing, considering, criticizing, and/or auditing IT and operational controls or process improvements.
• Project management experience including workflow balancing, activity scheduling, problem solving facilitation, prioritizing multiple complex tasks, and meeting deadlines.
• Experience effectively mentoring, coaching, and developing employees.
• Unwavering integrity and ethics.
• Experience interacting with clients, establishing credibility, trust and healthy relationships.
• Demonstrable examples of innovative thinking and problem solving.
• Strong communication skills with the ability to convey complex auditing information and business risks to non-technical audiences.
• Effective public speaking skills with the ability to prepare and deliver presentations.
• Willingness and ability to travel, on occasion, to client sites across the country, as dictated by business need.
  
  

Preferred Qualifications

• Minimum five (5) years of IT Audit, IT Risk, and/or IT Compliance experience servicing commercial clients with a management consulting firm(s).
• Experience conducting deep dive cybersecurity assessments.
• Experience managing / supervising direct reports.
• CISSP, CISM, CGEIT, CRISC, CIA, and/or CPA.
• Demonstrable experience with AI and/or BI/analytics tools that improve audit efficiency and effectiveness.