TaguigTechnology RiskConsultant Technology Riskcovers all-risk services where EY is providing independent assurance and the preparation towards assurance to our clients where the assurance can be used by our clients to build confidence and trust with their customers, the generalmarket/public, key stakeholders or when regulatory (by law or oversight) or contractually required. Engagements focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. Engagements may be either assurance (attestation) and/or riskadvisory in nature, and vary considerably in size and complexity.The OpportunityAll of our services whether assurance or advisory in nature are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve ITand business performance. In addition to assurance-related engagements such as financial attestation and SSAE 16 engagements, our IT risk advisory services focus on IT governance and effectiveness; IT program management and assurance; security and controls of ERP implementations; and business intelligence and information analysis.KEY RESPONSIBILITIES:Business Development
Develop and maintain client relationships to manage expectations of service, including work products, timing, and deliverables.Demonstrate a thoroughunderstanding of complex information systems and apply to client’s IT environmentClient Service Delivery
Provide high quality client service, working directly with onshore teams to understand and evaluate client’s IT environment
Working predominantly on off-shore engagements. Communication, written and verbal, with the local EY teams would be expected.Engagement Management:Understand the process workflow related to work requests from initiation through completion and how workflow is managed within the firm's online tool for audit monitoring and project management.Perform IT related controls testing and evaluation for Information SystemsPrepare test procedures based on control requirements and documentation of test results based on testing performedReport control deficiencies identified, to team Senior/Manager
Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business.
Practice Development:Adherence toEYauditmethodologies (related to risk assessment and prioritization, risk responses, and risk management capability assessments), supporting tools and other
materials.Skills and attributes for success:
ØGood Exposure in (at least 1-3 year experience):
· IT General Controls across platforms (Application, Operating System, Database) for following areas:
§User Access Management
§ChangeManagement
§Backup and Recovery Management§Batch Job Management§Problem/Incident Management
IT Application Controls:Business Process cycles (Procure to Pay,Order to Cash, Inventory, Payroll,Treasury, Record to Report)
Generally accepted audit standards,and Corporate Internal Audit standards
·Experience with SOX, Internal Audit and SSAE 16 (At least 1 of 3)
ØWorking knowledge of:
System architecture, business processes and system risks
Application systems (SAP, Oracle, JD Edwards,Hyperion,Microsoft Nav, Salesforce, PeopleSoft)
Operating system and database platform (Windows2008/2012/2016, Unix, OS400,
Mainframe, SQL, Oracle, DB2, Red Hat Enterprise Linux 6/7,etc.)
Application and/or Database Administration (SQL, Oracle, Salesforce, Ultipro, Workday,etc)
Knowledgeable in Agile software methodologyand Cloud Technology
·Able to build Macros, VBA
ØGood understanding of industry standards and frameworks such as ISO/IEC 27001, COBIT5, ITIL, COSO etc.
ØStrong written, oralcommunication, and presentationskills.
ØPreferably with at least one of the following certifications–CISA, CISM, CRISC, CIA;non-certified hires are required to become certified within 1 year from the date of hire.To qualify, you must have:
A bachelor's degreeaccounting,computer science, information systems, engineering, or a related discipline
Previous roles–IT Audit Staff, IT Compliance Specialist, IT Internal Auditor Information Risk Consultant, Information Security Analyst and other related roles
Must be amenable to work in McKinley Hill, Taguig City or Ortigas
Successful candidate must work in excess of standard hours when necessary. A valid passport is required.
Technology RiskConsultant
Technology Riskcovers all-risk services where EY is providing independent assurance and the preparation towards assurance to our clients where the assurance can be used by our clients to build confidence and trust with their customers, the generalmarket/public, key stakeholders or when regulatory (by law or oversight) or contractually required. Engagements focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. Engagements may be either assurance (attestation) and/or riskadvisory in nature, and vary considerably in size and complexity.The OpportunityAll of our services whether assurance or advisory in nature are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve ITand business performance. In addition to assurance-related engagements such as financial attestation and SSAE 16 engagements, our IT risk advisory services focus on IT governance and effectiveness; IT program management and assurance; security and controls of ERP implementations; and business intelligence and information analysis.KEY RESPONSIBILITIES:Business Development
Develop and maintain client relationships to manage expectations of service, including work products, timing, and deliverables.Demonstrate a thoroughunderstanding of complex information systems and apply to client’s IT environmentClient Service Delivery
Provide high quality client service, working directly with onshore teams to understand and evaluate client’s IT environment
Working predominantly on off-shore engagements. Communication, written and verbal, with the local EY teams would be expected.Engagement Management:Understand the process workflow related to work requests from initiation through completion and how workflow is managed within the firm's online tool for audit monitoring and project management.Perform IT related controls testing and evaluation for Information SystemsPrepare test procedures based on control requirements and documentation of test results based on testing performedReport control deficiencies identified, to team Senior/Manager
Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business.
Practice Development:Adherence toEYauditmethodologies (related to risk assessment and prioritization, risk responses, and risk management capability assessments), supporting tools and other
materials.Skills and attributes for success:
ØGood Exposure in (at least 1-3 year experience):
· IT General Controls across platforms (Application, Operating System, Database) for following areas:
§User Access Management
§ChangeManagement
§Backup and Recovery Management§Batch Job Management§Problem/Incident Management
IT Application Controls:Business Process cycles (Procure to Pay,Order to Cash, Inventory, Payroll,Treasury, Record to Report)
Generally accepted audit standards,and Corporate Internal Audit standards
·Experience with SOX, Internal Audit and SSAE 16 (At least 1 of 3)
ØWorking knowledge of:
System architecture, business processes and system risks
Application systems (SAP, Oracle, JD Edwards,Hyperion,Microsoft Nav, Salesforce, PeopleSoft)
Operating system and database platform (Windows2008/2012/2016, Unix, OS400,
Mainframe, SQL, Oracle, DB2, Red Hat Enterprise Linux 6/7,etc.)
Application and/or Database Administration (SQL, Oracle, Salesforce, Ultipro, Workday,etc)
Knowledgeable in Agile software methodologyand Cloud Technology
·Able to build Macros, VBA
ØGood understanding of industry standards and frameworks such as ISO/IEC 27001, COBIT5, ITIL, COSO etc.
ØStrong written, oralcommunication, and presentationskills.
ØPreferably with at least one of the following certifications–CISA, CISM, CRISC, CIA;non-certified hires are required to become certified within 1 year from the date of hire.To qualify, you must have:
A bachelor's degreeaccounting,computer science, information systems, engineering, or a related discipline
Previous roles–IT Audit Staff, IT Compliance Specialist, IT Internal Auditor Information Risk Consultant, Information Security Analyst and other related roles
Must be amenable to work in McKinley Hill, Taguig City or Ortigas
Successful candidate must work in excess of standard hours when necessary. A valid passport is required.
