Manager, Technology Risk Consulting - IT SOX and ICFR

Responsibilities:

• Consult with client leadership on the design and optimization of controls utilizing a general knowledge of business processes, accounting, and information technologies. Create internal control documentation for the engagement, including narratives, process, and data flows.

• Consult with client leadership on strategic plans and other business matters, helping our clients to anticipate emerging risks and information technology opportunities.

• Manage SOC attestation and other third-party opinion services.

• Support external financial statement and SOX compliance engagements for application and information technology general computer controls, assisting financial audit and Sarbanes-Oxley compliance teams in the identification of control objectives and the design of control procedures to address those objectives.

• Evaluate and enhance IT security policies, procedures, and controls of clients' business applications, networks, operating systems, and other components of their technology infrastructure.

• Supervise the review, documentation, evaluation, and testing of application controls, particularly automated controls on a wide range of ERP systems and software applications across various client business processes.

• Identify internal IT controls, assess their design and operational effectiveness, determine risk exposures, and develop remediation plans. Determine the technical and business impact of identified security and control issues and provide remediation guidance to clients.

• Communicate findings and recommendations to client personnel.

• Drive business growth by actively participating in business development and client sales opportunities, contributing to the expansion of RSM's market presence.

Required Qualifications:

• Bachelor's degree or equivalent.

• Four or more years of experience in business process controls and IT risk management, internal audit, IT security, or other IT compliance-related work.

• Experience leading engagements and managing staff; experience managing project financials and managing projects to completion within agreed-upon budgets.

• Experience mentoring staff, providing performance feedback, and monitoring workloads of the team while meeting stakeholder and client expectations.

• Strong understanding of information technology controls and security.

• Ability to interpret and convey technical information to all levels of technical aptitude, including senior management. This includes written and oral communications.

• Ability to articulate, write, and present information in a clear and understandable manner.

• Strong time management and organizational skills with the ability to manage multiple priorities successfully within a deadline-driven environment.

Preferred Qualifications:

• Experience in a widely used financial application (SAP, Oracle, JD Edwards, PeopleSoft, etc.).

• Good understanding of relevant regulations and industry standards (e.g., FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA, and GLBA) and best practices and methodologies to address these requirements. Ability to apply these requirements to organizational internal control frameworks.

• Professional certifications including Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Privacy Professional (CIPP).