🚀 IT Senior Associate, Risk Advisory Services

Overview

IT Senior Associate, Risk Advisory Services – Data Risk & Security (DRS). The Senior Associate provides risk consulting and issue resolution to clients in general IT controls, IT application controls, IT process improvement, pre- and post-implementation activities, and IT security, specifically in banking environments (commercial and/or retail). The role participates in all stages of IT internal audits or IT consulting engagements, and assists with planning, fieldwork, engagement wrap-up and report composition, along with providing recommendations to address client risks.

Job Duties

• Acts as primary contact for clients regarding basic questions and information
• Develops and monitors budgets (budget-to-actual) for all assigned engagements
• Conducts informational interviews and facilitates meetings with clients during the engagement process
• Obtains information, documents and data from clients to support analysis and research of client issues
• Documents and analyzes client processes, risks and controls, with guidance from senior DRS professionals
• Reviews client contracts and develops contract summaries, including key provisions and financial information based on contract type
• Develops initial deliverables and/or solutions to client issues
• Reassesses risk and communicates with other BDO professionals and/or client as necessary
• Assists with management of engagements to ensure engagement metrics are achieved
• Utilizes research tools and industry information to understand client industry
• Develops relationships with client personnel and management
• Prepares formal and informal presentations for client meetings
• Partners with RAS leadership to complete research and draft proposals and reports
• Implements project plans and maintains documentation and work papers
• Maintains confidentiality of all documentation and work papers
• Conducts risk assessment of assigned department or functional area in established timelines, while overseeing staff
• Establishes risk-based IT audit programs; determines scope of review with engagement manager
• Documents financial reporting cycles or internal audit areas and identifies key controls
• Assesses internal control design and operational effectiveness
• Conducts audit testing, identifies issues and risk dimensions
• Determines compliance with applicable laws, regulations and audit policies
• Communicates findings to senior management and drafts comprehensive reports
• Stays current with IT technology, cloud services, IT security trends and auditing standards
• Other duties as required

Supervisory Responsibilities

• Supervises day-to-day workload of Data Risk & Security Associates on assigned engagements and reviews work product
• Ensures DRS Associates are trained on audit software and engagement processes
• Delivers periodic performance feedback and completes evaluations
• Mentors DRS Associates as appropriate

Education

• Bachelor’s degree in Information Technology, Computer Science, Accounting, or Finance, required

Experience

• Two (2) or more years of experience in internal IT/audit or risk services within a public accounting firm or industry environment, required
• Experience with IT internal controls, including design and testing of controls, required
• Experience with IT Audit and Sarbanes-Oxley, with a focus on enterprise risk assessment, required
• One (1) or more years of supervisory experience, preferred
• Experience performing IT security audits and third-party vendor risk assessments, preferred

Licenses/Certifications

• CISA, CISM, CISSP, or other equivalent certification, preferred

Software

• Proficient in Microsoft Office Suite (Excel and Word), required
• Experience auditing ERP applications (e.g., SAP, Oracle), preferred
• Experience with IT audit tools and research software, preferred
• Working knowledge of data visualization/analytics software (PowerBI, Alteryx, Tableau or similar), preferred

Other Knowledge, Skills & Abilities

• Knowledge of automated business systems, change management controls, IT controls and audit techniques
• Understanding of network architectures, operating systems, network security methods (firewalls, proxies, VPNs, IDS/IPS)
• Knowledge of physical facilities access controls, cloud security and third-party vendor risks
• Logical data and application access controls; disaster recovery and business continuity concepts
• Strong verbal and written communication; ability to adapt messaging for client and firm audiences
• Ability to multi-task, work independently and in a team; strong analytical and organizational skills
• Ability to travel, as needed

Individual salaries are determined based on qualifications, experience, skills and geography.

Salary ranges by location vary; examples include ranges for California, Colorado, Illinois, Maryland, Minnesota, NYC/Long Island/Westchester, Washington, and Washington DC: $85,000 – $100,000 (as applicable per location).

About Us

Join us at BDO, where you will find more than a career. We offer flexibility and opportunities for advancement. Our culture centers on meaningful connections, curiosity, staying true to yourself, and making a positive difference. BDO is an ESOP company, sharing growth in value with our U.S. team. We are committed to delivering exceptional experiences and value to our people, clients, and communities. Equal Opportunity Employer, including disability/vets. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or protected veteran status.