BDO's Core Purpose is Helping People Thrive Every Day. Our Core Values reflect how we manage our work, our relationships and ourselves. As an employee of the firm, you will live true to our Core Values of people first, being exceptional every day in every way, embracing change, feeling empowered through knowledge and choosing accountability. Our Core Values are the standards by which we conduct ourselves day in and day out, both internally and externally.
The SOC Audit Experienced Senior Associate (Cloud) will be responsible for coordinating the day-to-day in-charge duties of planning, fieldwork and wrap-up for the preparation of third party attestation reports, including Service Organization Control (SOC) 1, SOC 2, and WebTrust for CAs and others, applying most areas of the governing standard as necessary and documenting, validating, testing and assessing various control systems. This position may also be involved in other advisory engagements to help companies address their cloud, security and privacy risk management and compliance requirements.
Bachelor's degree in Accounting, Computer Science, Management Information Systems or other relevant field, required
Master's degree in Accounting or Information Systems or other relevant advanced degree, preferred
Three (3) or more years of prior experience in internal or external audit, required
One (1) or more years of prior supervisory experience, preferred
Experience performing internal control reviews preferred
Experience performing SOC, WebTrust, ISO 27001, and security/privacy advisory engagements, preferred
Proficiency in Microsoft Office Suite, specifically Word, Excel and PowerPoint, preferred
Prior experience with cloud technology platforms and tools, security and operational IT controls, PKI and encryption technology, preferred
Other Knowledge, Skills & Abilities:
Basic understanding and experience planning and coordinating the stages to perform technology-focused audits and assessments
Knowledge of internal controls, security, privacy, audit and control frameworks (e.g. SOC 2, ISO 27001, NIST 800-53), and relevant professional standards and regulations.
Knowledge of cloud infrastructure management, DevOps and CI/CD, system access management, vulnerability management, and encryption systems management desired.
Strong verbal and written communication skills with the ability to adapt style and messaging to effectively communicate with professionals at all levels both within the client organization and the firm
Ability to successfully multi-task while working independently and within a group environment
Solid analytical and diagnostic skills and ability to break down complex issues and implementing appropriate resolutions
Capable of working in a demanding, deadline driven environment with a focus on details and accuracy
Solid project management skills
Ability to travel up to 40%
Ability to successfully interact with professionals at all levels