Senior Associate - IT Risk Assurance
Ernst & Young Global Limited
Johannesburg, GT, ZA
6d ago

As Risk Senior Associate,you'll build valued relationships with external clients and internal peers and develop a portfolioof business by focusing on high impact opportunities.

You'll lead presentations and proposals for moderately complexprojects - or for elements of highly complex projects - and provide subject matter insight to bids and proposals.

Drawing on your skills and experience, you'll create innovative commercial insights for clients, adapt methods andpractices to fit operational team and cultural needs, and contribute to thought leadership.

In addition, you'll packageoverall project findings into clear, concise, high-quality work products. Acting as a subject matter resource on one or moreservices, you'll leverage knowledge and experience to shape Ernst & Young's services to meet client problems.

By driving improvements in business processes, you'll serve as a role model for quality & risk management and confirmthat project teams understand and comply with Ernst & Young's Q&RM guidelines.

As a respected senior professional,you'll communicate effectively with Ernst & Young engagement partners and managers and work to build, manage andmotivate high-

performing teams. You'll also help key staff to build sustainable competencies.

Client responsibilities

  • Manage the financial aspects of client engagements and communicate significant issues, fees, and estimates-tocomplete to partners and clients.
  • Help partners and directors generate new business opportunities and build client networks and relationships.
  • understand all Ernst & Young service offerings and actively identify opportunities to better serve clients.
  • Build strong internal relationships within Ernst & Young Advisory Services and with other services across the organization
  • People responsibilities

  • Develop people through effectively supervising, coaching, and mentoring all levels of staff.
  • Conduct performance reviews and contribute to performance feedback for all levels of staff.
  • Contribute to people-related initiatives including recruiting, retaining and training IT Risk and Assurance professionals.
  • Maintain an educational program to continually develop personal skills of all levels of staff.
  • Understand and follow workplace policies and procedures and communicate these to all levels of staff
  • Responsibilities, Qualifications, Certifications - External

    Technical skills requirements

    3 years’ knowledge and experience of a number of the following areas, and be developing deep experience andtechnical competence in at least one :

  • Governance and IT management.
  • IT governance and risk :
  • oControl frameworks such as COSO

    oEnterprise risk services with a specific focus on IT, and related industry standardsoIT risk management framework

    oCommon IT governance and control industry frameworks, including CObIT, RiskIT, ValIT, IToGovernance Institute and ISACA good practicesoIT industry frameworks such as ITIL and CMM - Project risk :

    oRobust understanding of program and project management practicesoFamiliarity with a typical IT systems development life cycle

    oExperience in developing technical skills specific to a solution, e.g., SAP, Oracle, CRMoProven business process / analysis skills -

    IT assurance and compliance.

  • A broad appreciation of business processes, data structures, IT applications and infrastructure, IT processes, and governance and internal control principles.
  • Depending upon your specific area(s) of focus, you'll have additional skills and knowledge in :
  • IT audit in the context of a financial audit, and related regulations, auditing standards and guidelines.
  • Control frameworks such as COSO, internal control principles and relatedregulations including SOX and J-SOX.
  • Internal audit services with a specific focus on IT, and related industry standards.
  • Common IT governance, control and assurance industry frameworks, includingCObIT, RiskIT, ValIT, IT Governance Institute and ISACA good practices.
  • IT industry frameworks such as ITIL and CMM.
  • Third party reporting standards (particularly SAS 70), other reporting and industry specific standards and, if applicable, trust based standards such as SysTrust and WebTrust
  • Infrastructure
  • Technically enabled IT / business transformation, program and project delivery, design, architecture and solution design, information management, implementation, operations, and management of IT infrastructure.
  • Information systems security assessment, design, architecture, implementation, management and reporting.
  • Strong technical or security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems.
  • Familiarity with IT analysis, delivery and operations methods, including SDLC and CMM.
  • Experience with programming languages such as Java, C, C++, C#, asp, and .NET.
  • Familiarity with security and risk standards such as ISO 2701-2, PCI DSS, NIST, ITIL, COBIT.
  • Experience of security testing methods and techniques including network, operating and application system configuration review and internal / external penetration testing.
  • An understanding of web-based application vulnerabilities, and experience in application security review and testing.
  • Experience of manual attack and penetration testing above and beyond the running of automated tools.
  • Experience in developing custom scripts or programs (used for port scanning and vulnerability identification).
  • Applications.
  • Application controls and security experiences involving ERPs :
  • security modelling.
  • sensitive access and SoD testing.
  • controls testing
  • Process systems and integrity, including risks and controls within business processes (manual, automated, security).
  • Change management.
  • Project management and program management office (PMO) experience involving ERPs.
  • Project assurance / advisory services experience involving ERPs :
  • system selections.
  • targeted assessments.
  • pre- and post-implementation reviews
  • Basic programming compliant with ACL, DB and Microsoft Office skills / experience, e.g., Excel and Access.
  • Data
  • Data / information management and manipulation
  • Information architecture and integration design
  • Information analysis and business intelligence tools
  • ETL tool usage, design and deployment
  • Database (relational and multidimensional) design, deployment and scripting
  • Data governance and data quality design, deployment and tools
  • You'll have knowledge and experience in one or more of Ernst & Young's priority industry sectors :

  • Government & Public Sector.
  • Utilities.
  • Consumer Products.
  • Industrial Products.
  • Technology.
  • Communications & Entertainment.
  • Additional requirements

  • Demonstrated track record with a blue chip consulting organization and / or a blue chip organization.
  • Demonstrated experience in business development and account management.
  • Strong academic record including a degree.
  • Relevant professional qualifications such as CISA, Prince2, PMI, CISSP, CISM, CA, CIA, CGEIT, MBCI.
  • Relevant technical qualifications such as MCNE, CCSA, CCSE, CCSP, CNE, RHCE, MCSA.
  • Proficiency in Arabic language skills are highly desirable
  • Who we are

    Information technology is one of the key enablers for modern organizations. As one of our information technology risk andassurance professionals, you'll work with clients to improve the competitive advantage of their IT operations by enhancingefficiency and effectiveness.

    You'll help them create and implement processes to identify risks associated with runningtheir systems and find ways to manage those risks.

    You can expect to work on some of the biggest external and internalaudit engagements in the world and we'll give you the opportunities and support you need to succeed professionally andpersonally

    Description - Internal

    As Risk Senior Asscoiate, you'll build valued relationships with external clients and internal peers and develop a portfolioof business by focusing on high impact opportunities.

    You'll lead presentations and proposals for moderately complexprojects - or for elements of highly complex projects - and provide subject matter insight to bids and proposals.

    Drawing on your skills and experience, you'll create innovative commercial insights for clients, adapt methods andpractices to fit operational team and cultural needs, and contribute to thought leadership.

    In addition, you'll packageoverall project findings into clear, concise, high-quality work products. Acting as a subject matter resource on one or moreservices, you'll leverage knowledge and experience to shape Ernst & Young's services to meet client problems.

    By driving improvements in business processes, you'll serve as a role model for quality & risk management and confirmthat project teams understand and comply with Ernst & Young's Q&RM guidelines.

    As a respected senior professional,you'll communicate effectively with Ernst & Young engagement partners and managers and work to build, manage andmotivate high-

    performing teams. You'll also help key staff to build sustainable competencies.

    Client responsibilities

  • Manage the financial aspects of client engagements and communicate significant issues, fees, and estimates-tocomplete to partners and clients.
  • Help partners and directors generate new business opportunities and build client networks and relationships.
  • understand all Ernst & Young service offerings and actively identify opportunities to better serve clients.
  • Build strong internal relationships within Ernst & Young Advisory Services and with other services across the organization
  • People responsibilities

  • Develop people through effectively supervising, coaching, and mentoring all levels of staff.
  • Conduct performance reviews and contribute to performance feedback for all levels of staff.
  • Contribute to people-related initiatives including recruiting, retaining and training IT Risk and Assurance professionals.
  • Maintain an educational program to continually develop personal skills of all levels of staff.
  • Understand and follow workplace policies and procedures and communicate these to all levels of staff
  • Responsibilities, Qualifications, Certifications - Internal

    Responsibilities, Qualifications, Certifications External

    Technical skills requirements

    3 years’ knowledge and experience of a number of the following areas, and be developing deep experience andtechnical competence in at least one :

  • Governance and IT management.
  • IT governance and risk :
  • oControl frameworks such as COSO

    oEnterprise risk services with a specific focus on IT, and related industry standardsoIT risk management framework

    oCommon IT governance and control industry frameworks, including CObIT, RiskIT, ValIT, IToGovernance Institute and ISACA good practicesoIT industry frameworks such as ITIL and CMM - Project risk :

    oRobust understanding of program and project management practicesoFamiliarity with a typical IT systems development life cycle

    oExperience in developing technical skills specific to a solution, e.g., SAP, Oracle, CRMoProven business process / analysis skills -

    IT assurance and compliance.

  • A broad appreciation of business processes, data structures, IT applications and infrastructure, IT processes, and governance and internal control principles.
  • Depending upon your specific area(s) of focus, you'll have additional skills and knowledge in :
  • IT audit in the context of a financial audit, and related regulations, auditing standards and guidelines.
  • Control frameworks such as COSO, internal control principles and relatedregulations including SOX and J-SOX.
  • Internal audit services with a specific focus on IT, and related industry standards.
  • Common IT governance, control and assurance industry frameworks, includingCObIT, RiskIT, ValIT, IT Governance Institute and ISACA good practices.
  • IT industry frameworks such as ITIL and CMM.
  • Third party reporting standards (particularly SAS 70), other reporting and industry specific standards and, if applicable, trust based standards such as SysTrust and WebTrust
  • Infrastructure
  • Technically enabled IT / business transformation, program and project delivery, design, architecture and solution design, information management, implementation, operations, and management of IT infrastructure.
  • Information systems security assessment, design, architecture, implementation, management and reporting.
  • Strong technical or security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems.
  • Familiarity with IT analysis, delivery and operations methods, including SDLC and CMM.
  • Experience with programming languages such as Java, C, C++, C#, asp, and .NET.
  • Familiarity with security and risk standards such as ISO 2701-2, PCI DSS, NIST, ITIL, COBIT.
  • Experience of security testing methods and techniques including network, operating and application system configuration review and internal / external penetration testing.
  • An understanding of web-based application vulnerabilities, and experience in application security review and testing.
  • Experience of manual attack and penetration testing above and beyond the running of automated tools.
  • Experience in developing custom scripts or programs (used for port scanning and vulnerability identification).
  • Applications.
  • Application controls and security experiences involving ERPs :
  • security modelling.
  • sensitive access and SoD testing.
  • controls testing
  • Process systems and integrity, including risks and controls within business processes (manual, automated, security).
  • Change management.
  • Project management and program management office (PMO) experience involving ERPs.
  • Project assurance / advisory services experience involving ERPs :
  • system selections.
  • targeted assessments.
  • pre- and post-implementation reviews
  • Basic programming compliant with ACL, DB and Microsoft Office skills / experience, e.g., Excel and Access.
  • Data
  • Data / information management and manipulation
  • Information architecture and integration design
  • Information analysis and business intelligence tools
  • ETL tool usage, design and deployment
  • Database (relational and multidimensional) design, deployment and scripting
  • Data governance and data quality design, deployment and tools
  • You'll have knowledge and experience in one or more of Ernst & Young's priority industry sectors :

  • Government & Public Sector.
  • Utilities.
  • Consumer Products.
  • Industrial Products.
  • Technology.
  • Communications & Entertainment.
  • Additional requirements

  • Demonstrated track record with a blue chip consulting organization and / or a blue chip organization.
  • Demonstrated experience in business development and account management.
  • Strong academic record including a degree.
  • Relevant professional qualifications such as CISA, Prince2, PMI, CISSP, CISM, CA, CIA, CGEIT, MBCI.
  • Relevant technical qualifications such as MCNE, CCSA, CCSE, CCSP, CNE, RHCE, MCSA.
  • Proficiency in Arabic language skills are highly desirable
  • Who we are

    Information technology is one of the key enablers for modern organizations. As one of our information technology risk andassurance professionals, you'll work with clients to improve the competitive advantage of their IT operations by enhancingefficiency and effectiveness.

    You'll help them create and implement processes to identify risks associated with runningtheir systems and find ways to manage those risks.

    You can expect to work on some of the biggest external and internalaudit engagements in the world and we'll give you the opportunities and support you need to succeed professi

    Apply
    Add to favorites
    Remove from favorites
    Apply
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Continue
    Application form