Technology RiskSenior Consultant Technology Riskcovers all risk services where EY is providing independent assurance and the preparation towards assurance to our clients where the assurance can be used by our clients to build confidence and trust with their customers, the general market/public, key stakeholders or when regulatory (by law or oversight) or contractually required. Engagements focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. Engagements may be either assurance (attestation) and/or risk advisory in nature, and vary considerably in size and complexity.
The Opportunity
All of our services whether assurance or advisory in nature are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance. In addition to assurance-related engagements such as financial attestation and SSAE 16 engagements, our IT risk advisory services focus on IT governance and effectiveness; ITprogram management and assurance; security and controls of ERP implementations; and business intelligence and information analysis.KEY RESPONSIBILITIES:Business Development
Develop and maintain client relationships to manage expectations of service, including work products, timing, and deliverables
Demonstrate a thorough understanding of complex information systems and apply to client’s IT environment
Client Service Delivery
Provide high quality client service, working directly with onshore teams to understand and evaluate client’s IT environment
Working predominantly on off-shore engagements. Communication, written and verbal, with the local EY teams would be expected
Engagement Management:
Understand the process workflow related to work requests from initiation through completion and how workflow is managed within the firm's online tool for audit monitoring and project management
Perform IT related controls testing and evaluation for Information Systems
Prepare test procedures based on control requirements and documentation of test results based on testing performed
Report control deficiencies identified to management and business clients
Review Consultant’s work papers and provide guidance in performing test proceduresLead kick-off and status update calls with onshore team
Provide update to Engagement Manage on the work status and result of audit review
Practice Development:
Adherence toEYauditmethodologies (related to risk assessment and prioritization, risk responses, and risk management capabilityassessments), supporting tools and other materials.
Skills and attributes for success:
Extensivein (at least4-6yearexperience):
o IT General Controls across platforms (Application, Operating System, Database) for following areas:
User Access ManagementChange Management
Backup and Recovery ManagementBatch Job ManagementProblem/Incident Management
o IT Application Controls :Business Process cycles (Purchase to Payable; Revenue & Receivables; Inventory; Payroll; Treasury)
oGenerallyaccepted audit standards, and Corporate Internal Audit standardsoExperience with SOX, Internal Audit and SSAE 16 (At least 1 of 3)
Working knowledge of:
oSystem architecture, business processes and system risks
oApplication systems (SAP, Oracle, JD Edwards, Hyperion, Microsoft Nav, Salesforce, PeopleSoft)
oOperating system and database platforms (Windows2008/2012/2016, Unix, OS400, Mainframe, SQL, Oracle, DB2, Red Hat Enterprise Linux 6/7,etc.)
oApplication and/orDatabase Administration (SQL, Oracle, Salesforce, Ultipro, Workday, etc)
oKnowledgeable in Agile software methodologyand Cloud TechnologyoAble to build Macros, VBA
Good understanding of industry standards and frameworks such as ISO/IEC 27001, COBIT, ITIL, COSO etc.
Excellentwritten, oralcommunication, and presentation skills
Experiencein supervising staff or engagement team
With at least one of the following certifications–CISA, CISM, CRISC, CIA; non-certified hires are required to becomecertified within 1 year from the date of hire.
To qualify, you must have:
A bachelor's degreeaccounting,computer science, information systems, engineering, or a related discipline
Previous roles–IT Audit Supervisor, IT Compliance Lead, IT InternalAudit Lead, Information Risk Senior Consultant, Information Security Supervisorand other related roles
Must be amenable to work in McKinley Hill, Taguig City or Ortigas
Successful candidate must work in excess of standard hours when necessary.
A validpassport is required.
Technology RiskSenior Consultant
Technology Riskcovers all risk services where EY is providing independent assurance and the preparation towards assurance to our clients where the assurance can be used by our clients to build confidence and trust with their customers, the general market/public, key stakeholders or when regulatory (by law or oversight) or contractually required. Engagements focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. Engagements may be either assurance (attestation) and/or risk advisory in nature, and vary considerably in size and complexity.
The Opportunity
All of our services whether assurance or advisory in nature are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance. In addition to assurance-related engagements such as financial attestation and SSAE 16 engagements, our IT risk advisory services focus on IT governance and effectiveness; ITprogram management and assurance; security and controls of ERP implementations; and business intelligence and information analysis.KEY RESPONSIBILITIES:Business Development
Develop and maintain client relationships to manage expectations of service, including work products, timing, and deliverables
Demonstrate a thorough understanding of complex information systems and apply to client’s IT environment
Client Service Delivery
Provide high quality client service, working directly with onshore teams to understand and evaluate client’s IT environment
Working predominantly on off-shore engagements. Communication, written and verbal, with the local EY teams would be expected
Engagement Management:
Understand the process workflow related to work requests from initiation through completion and how workflow is managed within the firm's online tool for audit monitoring and project management
Perform IT related controls testing and evaluation for Information Systems
Prepare test procedures based on control requirements and documentation of test results based on testing performed
Report control deficiencies identified to management and business clients
Review Consultant’s work papers and provide guidance in performing test proceduresLead kick-off and status update calls with onshore team
Provide update to Engagement Manage on the work status and result of audit review
Practice Development:
Adherence toEYauditmethodologies (related to risk assessment and prioritization, risk responses, and risk management capabilityassessments), supporting tools and other materials.
Skills and attributes for success:
Extensivein (at least4-6yearexperience):
o IT General Controls across platforms (Application, Operating System, Database) for following areas:
User Access ManagementChange Management
Backup and Recovery ManagementBatch Job ManagementProblem/Incident Management
o IT Application Controls :Business Process cycles (Purchase to Payable; Revenue & Receivables; Inventory; Payroll; Treasury)
oGenerallyaccepted audit standards, and Corporate Internal Audit standardsoExperience with SOX, Internal Audit and SSAE 16 (At least 1 of 3)
Working knowledge of:
oSystem architecture, business processes and system risks
oApplication systems (SAP, Oracle, JD Edwards, Hyperion, Microsoft Nav, Salesforce, PeopleSoft)
oOperating system and database platforms (Windows2008/2012/2016, Unix, OS400, Mainframe, SQL, Oracle, DB2, Red Hat Enterprise Linux 6/7,etc.)
oApplication and/orDatabase Administration (SQL, Oracle, Salesforce, Ultipro, Workday, etc)
oKnowledgeable in Agile software methodologyand Cloud TechnologyoAble to build Macros, VBA
Good understanding of industry standards and frameworks such as ISO/IEC 27001, COBIT, ITIL, COSO etc.
Excellentwritten, oralcommunication, and presentation skills
Experiencein supervising staff or engagement team
With at least one of the following certifications–CISA, CISM, CRISC, CIA; non-certified hires are required to becomecertified within 1 year from the date of hire.
To qualify, you must have:
A bachelor's degreeaccounting,computer science, information systems, engineering, or a related discipline
Previous roles–IT Audit Supervisor, IT Compliance Lead, IT InternalAudit Lead, Information Risk Senior Consultant, Information Security Supervisorand other related roles
Must be amenable to work in McKinley Hill, Taguig City or Ortigas
Successful candidate must work in excess of standard hours when necessary.
A validpassport is required.
