Technology Risk Consultant Technology Risk covers all risk services where EY is providing independent assurance and the preparation towards assurance to our clients where the assurance can be used by our clients to build confidence and trust with their customers, the general market/public, key stakeholders or when regulatory (by law or oversight) or contractually required. Engagements focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. Engagements may be either assurance (attestation) and/or risk advisory in nature, and vary considerably in size and complexity.The Opportunity
All of our services whether assurance or advisory in nature are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance. In addition to assurance-related engagements such as financial attestation and SSAE 16 engagements, our IT risk advisory services focus on IT governance and effectiveness; IT program management and assurance; security and controls of ERP implementations; and business intelligence and information analysis.Your key responsibilities:Execute and participate in performing procedures especially focusing on complex, judgmental and/or specialized issues and share knowledge with team members. Work with the team and the client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement.Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business.Skills and attributes for success:
Experience working as an IT auditor or IT risk adviser for a public accounting firm, a professional services firm, or within industry
Experience in having applied relevant technical knowledge in at least one of the following engagements: (a) financial audit IT integrations; (b) IT internal audits; (c) IT attestations (SSAE 16/SOC 1 or SOC 2 engagements); and/or (d) ERP security and controls reviews (Oracle, SAP, PeopleSoft)
Good understanding of the common IT processes like access control management, change management and computer operations
Hands on experience to perform design and operating effectiveness testing and draft a review summary
Experience in performing on application and IT general controls testing on various applications, networks, operating systems (OS) and databases such as Windows 2000, 2003 and 2008, Microsoft SQL Server, Red Hat Linux, HP-UNIX, Oracle, SAP, Solaris and Mainframe
Experience in security or infrastructure reviews for various OS and databases such as Windows 2000, 2003 and 2008, Microsoft SQL Server, Red Hat Linux, HP-UNIX, Oracle, SAP, Solaris and Mainframe
IT application /automated controls is derailable
Strong project management and multitasking skills
Advanced written and verbal communication skills and presentation skills
Ability to work independent and with a small to mid-size team
CPA, CA, CISA, CISSP, CISM, CBCP, CIA, CIPP, CGEIT or certification is desired; non-certified hires are required to become certified within 1 year from the date of hire. Based on an individual's professional background, area of specialization, or industry focus, we recognize that other certifications, credentials, or experience may be more relevant than the listed certifications and therefore may be acceptable substitutes with written consent of EY's Americas IT Risk & Assurance leadership
To qualify, you must have:
A bachelor's degree and approximately 2-3 years of related work experience in IT audit or controls testing;
A degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline
Detail-oriented and has proficient communication skills
Preferably with experience on testing cyber-related controls (e.g., Penetration testing, Firewall, IPS/IDS, Anti-virus, etc.)
Ability to critically review IT processes to identify controls gaps and weaknesses
Ability to liaise with stakeholders and strong project management skills
CISA holder is a plus, but not a necessity
Must be amenable to work in McKinley Hill, Taguig City
Technology Risk Consultant
Technology Risk covers all risk services where EY is providing independent assurance and the preparation towards assurance to our clients where the assurance can be used by our clients to build confidence and trust with their customers, the general market/public, key stakeholders or when regulatory (by law or oversight) or contractually required. Engagements focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. Engagements may be either assurance (attestation) and/or risk advisory in nature, and vary considerably in size and complexity.The Opportunity
All of our services whether assurance or advisory in nature are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance. In addition to assurance-related engagements such as financial attestation and SSAE 16 engagements, our IT risk advisory services focus on IT governance and effectiveness; IT program management and assurance; security and controls of ERP implementations; and business intelligence and information analysis.Your key responsibilities:Execute and participate in performing procedures especially focusing on complex, judgmental and/or specialized issues and share knowledge with team members. Work with the team and the client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement.Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business.Skills and attributes for success:
Experience working as an IT auditor or IT risk adviser for a public accounting firm, a professional services firm, or within industry
Experience in having applied relevant technical knowledge in at least one of the following engagements: (a) financial audit IT integrations; (b) IT internal audits; (c) IT attestations (SSAE 16/SOC 1 or SOC 2 engagements); and/or (d) ERP security and controls reviews (Oracle, SAP, PeopleSoft)
Good understanding of the common IT processes like access control management, change management and computer operations
Hands on experience to perform design and operating effectiveness testing and draft a review summary
Experience in performing on application and IT general controls testing on various applications, networks, operating systems (OS) and databases such as Windows 2000, 2003 and 2008, Microsoft SQL Server, Red Hat Linux, HP-UNIX, Oracle, SAP, Solaris and Mainframe
Experience in security or infrastructure reviews for various OS and databases such as Windows 2000, 2003 and 2008, Microsoft SQL Server, Red Hat Linux, HP-UNIX, Oracle, SAP, Solaris and Mainframe
IT application /automated controls is derailable
Strong project management and multitasking skills
Advanced written and verbal communication skills and presentation skills
Ability to work independent and with a small to mid-size team
CPA, CA, CISA, CISSP, CISM, CBCP, CIA, CIPP, CGEIT or certification is desired; non-certified hires are required to become certified within 1 year from the date of hire. Based on an individual's professional background, area of specialization, or industry focus, we recognize that other certifications, credentials, or experience may be more relevant than the listed certifications and therefore may be acceptable substitutes with written consent of EY's Americas IT Risk & Assurance leadership
To qualify, you must have:
A bachelor's degree and approximately 2-3 years of related work experience in IT audit or controls testing;
A degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline
Detail-oriented and has proficient communication skills
Preferably with experience on testing cyber-related controls (e.g., Penetration testing, Firewall, IPS/IDS, Anti-virus, etc.)
Ability to critically review IT processes to identify controls gaps and weaknesses
Ability to liaise with stakeholders and strong project management skills
CISA holder is a plus, but not a necessity
Must be amenable to work in McKinley Hill, Taguig City
