Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd, one of the world's leading organizations of independent audit, tax and advisory firms. We've never been a typical professional services firm. We put people first, and that is what sets us apart.
Business Risk Services - Controls Advisory Information Technology (IT) Risk & Control Senior Associate
Grant Thornton's Advisory professionals are progressive thinkers who create, protect, and transform value today so our clients have the opportunity to thrive and grow. Our Advisory practice creates holistic solutions delivered by innovative, curious professionals who bring technical depth and industry insight to our clients. Business Risk Services protects value. The Business Risk Services (BRS) practice includes Risk Advisory Services and Forensic Advisory Services. Within Risk Advisory Services, we focus on helping clients in the following areas:
Corporate Governance and Enterprise Risk Management
Cybersecurity Risk Management
Compliance and Operational Risk Management
Third-party Risk Management
Controls Advisory (Internal controls, Internal Audit, and risk analytics)
Governance Risk & Compliance (GRC) technology enablement
The Business Risk Services (BRS) Controls Advisory IT Risk & Control Senior Associate is responsible for delivering a range of IT-oriented risk advisory projects to multiple public and private company clients across a variety of industries. Responsibilities include planning, executing, and reporting on internal control and internal audit engagements that develop, assess, or help improve the design and operating effectiveness of IT risk management and internal control activities. The Senior Associate works closely with Partners, Principals, Managing Directors, Senior Managers, Directors, and Managers, and plays a key role in project delivery, client relationship management, and business development.
Essential Duties and Responsibilities
Run client engagements from start to completion, which includes planning, executing, and reporting on co-sourced and out-sourced IT internal audits, IT internal control reviews, IT risk management program assessments, and tests of IT controls (IT general controls, application controls, interface controls, key reports, etc.) as part of management's internal control over financial reporting (ICFR) Sarbanes-Oxley (SOX) compliance program, and for System & Organization Control (SOC) reporting
Support engagement Manager and/or Senior Manager/Director in preparing and managing engagement project plans, timelines, budgets, and economics
Supervise, train, and mentor Associates and Interns on engagements, and assess performance.
Obtain an understanding of clients' business, objectives, strategy, operations, processes, IT systems, and controls
Develop and execute IT internal audit workplans and control test procedures based on engagement scope and client environment risk factors
Applying knowledge of IT trends, systems and processes, evaluate findings for significance and risk, and develop recommendations for improvement based on leading practice
Work with client to deliver services in accordance with project leadership and client expectations (gather information, resolve problems, recommend internal control enhancement opportunities, etc.)
Develop and maintain good working relationships with clients to enhance client satisfaction
Work collaboratively across Advisory Business Lines (ABLs) and with other Service Lines (e.g., Audit Services and Tax Services)
Adhere to Firm policies, procedures, and methodologies.
Participate in recruiting efforts.
Meet or exceed targeted billing hours (utilization) and other defined performance metrics.
Participate in business development activities and proposal development as appropriate.
Other duties as assigned.
Bachelor's degree in Accounting, Finance, Information Technology, Management Information Systems, Business Intelligence, or related field. A Master's degree is a plus.
Two (2) to six (6) years of related work experience with a professional services firm, or as part of an Internal Audit function.
CISA, CISSP, CISM, or CPA license/certification preferred.
Experience in assessing the design and operating effectiveness of IT risk management and IT controls (IT general controls, application controls, etc.) for Internal Audit, SOX compliance, or other risk management activities.
Understanding of prevailing IT risk management and cybersecurity risk management standards (COBIT, NIST CSF, etc.)
Experience assessing the configuration and controls of Enterprise Resource Planning (ERP) systems (SAP, Oracle, PeopleSoft, JD Edwards, etc.) a plus.
Experience assessing the configuration and controls of SAP ECC, S/4 HANA, etc. (BASIS and security administration, process controls, etc.) a strong positive.
Strong understanding of IT general controls, and current focus areas of external financial statement auditors (completeness and accuracy of key reports, level of precision, etc.)
Experience with assessing GRC and Identity and Access Management (IAM) solutions a plus.
Experience with assessing at least one (preferably multiple) operating system (OS/400, Windows, UNIX, etc.), database system (Oracle, SQL, etc.), and IT infrastructure / network component (domain controllers, firewalls, routers, intrusion prevention / detection solutions, etc.).
Experience leveraging ACL, IDEA, QlikView / QlikSense, Tableau, Spotfire, or other analytics and visualization solutions a plus.
Ability to supervise staff and lead projects.
Exceptional client service and communication skills, with a demonstrated ability to develop and maintain outstanding relationships.
Ability to manage multiple projects and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
Strong leadership, recruiting, training, and mentoring skills, coupled with excellent oral, written, and presentation skills.
Excellent analytical, organizational and project management skills.
Strong computer skills, including proficiency in Microsoft Visio and Office Suite applications.
Ability to work additional hours as needed and travel on a regular basis to clients as required.
Grant Thornton LLP promotes a nationally recognized culture of health and offers an extensive array of benefits to meet individual lifestyles. For a complete list of benefits, please visit www.gt.com.
Founded in Chicago in 1924, Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd., one of the world's leading organizations of independent audit, tax and advisory firms.
Grant Thornton works with a broad range of publicly- and privately-held companies, government agencies, financial institutions, and civic and religious organizations. Core industries served include consumer and industrial products, financial services, not-for-profit, private equity, and technology. Grant Thornton focuses on serving dynamic organizations that pursue growth holistically whether through revenue improvement, leadership, mission fulfillment or innovation.
It is Grant Thornton's policy to promote equal employment opportunities. All personnel decisions, including, but not limited to, recruiting, hiring, training, promotion, compensation, benefits and termination, are made without regard to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability or any other characteristic protected by applicable federal, state or local law.