Risk Consulting - Protect Tech - Senior - IT Internal Controls -ITGC-ITAC (Kolkata, WB, IN, 700091)

As a Senior in Risk Consulting - Protect Tech, you will have the chance to build a career as unique as you are. Join EY and build an exceptional experience for yourself, and a better working world for all.

Key Responsibilities

• Deliver quality client services. Drive high-quality work products within expected timeframes and on budget.
• Foster relationships with client personnel to analyze and improve information systems and security.
• Use knowledge of current IT environment and industry trends to identify engagement and client service issues.
• Demonstrate deep technical capabilities and professional knowledge.

You will leverage your IT Audit experience to effectively deliver results in the assessment, design, and implementation of controls, security, and IT risk solutions.

Qualifications

• Bachelor's or Master's degree and approximately 3-6 years of related work experience.
• At least 2-4 years of experience in IT Risk and Compliance.

• Design IT Risk Controls framework such as IT SOX.
• Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc.
• Identify control gaps, weaknesses and areas of improvements.
• Conducting IT internal control reviews, and review of SOC1 or SOC2 reports.

• Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc.
• IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML.
• IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc.
• Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities.
• Excellent communication, documentation and report writing skills.
• Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant).