Director, IT Audit and Technology Risk Advisory

Highspring, McLean, VA, United States


Minimum Qualifications

  • 10+ years of recent professional services experience (public accounting or advisory firm). 5+ years of professional services experience may be combined with applicable IT risk management and internal controls experience with a Fortune 500 organization to meet the minimum requirement.
  • Bachelor’s degree in Business Administration, Accounting, Management Information Systems or a related field.
  • One or more of the following risk related certifications: CPA, CIA, CISA, or CISSP.
  • Demonstrated track record of technical expertise with SOX, IT risk management and internal audit.
  • Subject Matter Expert on select ERP applications such as SAP, NetSuite, Oracle Cloud, PeopleSoft, or Microsoft Dynamics.
  • Detailed understanding of Sarbanes‑Oxley (SOX) compliance and PCAOB requirements.
  • Experience implementing and assessing controls over highly automated business processes.
  • Knowledge of IT leading practices to provide clients effective and practical recommendations.
  • Knowledge and application of IT controls and governance frameworks such as SOC 1/2, COBIT, NIST (CSF, 800‑53, and 800‑171), ITIL and ISO 27001/2.
  • Knowledge of emerging technology risks, including cloud computing, agile development/CI/CD, cybersecurity, and privacy.
  • Knowledge of best practices for authentication, authorization and change management.
  • Strong foundational knowledge of infrastructure and platform components such as Windows, Linux, Unix, Active Directory, SQL, MySQL, Open Source, and Oracle.
  • Strong track record of meeting business development targets and developing thought leadership materials.
  • Proven ability to lead, motivate and build teams that deliver services and solutions that surpass client expectations.
  • Ability to lead workshops, including the gathering/documenting of requirements and use‑cases and recommendation of envisioned processes.
  • History of developing risk and compliance thought leadership.
  • Experience developing detailed work plans for project activities within scope of application responsibility.
  • Flexibility to travel at least 25%.
  • Due to the unique security requirements for this client portfolio, US citizenship is required.

Preferred Qualifications

  • Experience managing up to 15 IT risk projects concurrently.
  • Experience designing and implementing internal controls in conjunction with ERP implementation projects.
  • Experience performing platform security assessments, implementing information security solutions, performing segregation of duties assessments using automated solutions (e.g., Fastpath) and implementing GRC solutions (e.g., Workiva, AuditBoard).

Responsibilities

  • You will be responsible for helping to shape the strategic direction of the practice.
  • Drive business development, both by expanding and growing existing accounts and pursuing new client opportunities for the firm.
  • Work with emerging growth companies and established enterprises (both publicly traded and privately held) on a wide variety of projects including Sarbanes‑Oxley (“SOX”) readiness and compliance, internal audit, and enterprise risk management (“ERM”).
  • Assist companies with implementing and assessing the effectiveness of SOX compliance programs, including, but not limited to the following activities:
    • Conducting risk assessments and system scoping,
    • Conducting walkthroughs and documenting end‑to‑end technology processes, identifying risks and key controls, using narratives,
    • Documenting and assessing the design and effectiveness of key IT general controls (“ITGC”) and IT application controls (“ITAC”),
    • Executing testing to validate the operating effectiveness of controls,
    • Evaluating controls deficiencies to determine impact and significance,
    • Identifying and implementing effective and efficient plans to remediate control deficiencies,
    • Summarizing and documenting results of work performed including management reporting.
  • Execute internal audit and IT risk management activities to support our client’s risk management initiatives.
  • Demonstrate subject matter expertise on technology risks and internal control solutions associated with ERP, SaaS, IT infrastructure and cloud platforms.
  • Create and deliver presentations on technical concepts, project work plans, delivery approach, milestones, and results to client stakeholders.
  • Review team progress to ensure compliance with work program, professional standards, budgets, deliverables, and deadlines.
  • Identify, design and implement creative business solutions to continually improve the firm’s services, methodologies and approaches.
  • Leverage firm partnerships and tools to deliver efficient and effective approaches to implement and assess risks relating to information security and change management.
  • Apply subject matter expertise in areas such as data analytics to enhance approaches to internal audits and control assessments.
  • Understand the breadth of services offered by Risk & Regulatory, as well as Highspring holistically, to be able to identify additional opportunities at our clients.
  • Direct and facilitate teams, working with different groups within the organization (technology, accounting, finance, operations).
  • Manage existing and prospective client relationships with an eye toward identifying and closing on new business opportunities.
  • Lead project teams, share your individual subject matter expertise, and be a primary liaison to our clients.
  • Actively participate in career development activities and technical training of staff.
  • Mentor and develop team members.
  • Establish credibility as a trusted advisor.

Compensation

Base Compensation Range: $193,509—$295,267 USD

Transform Your Career: We deliver unparalleled opportunities for growth and career advancement. Our dynamic, entrepreneurial culture supports your journey every step of the way.

The Team – Risk & Regulatory – IT Audit and Technology Risk: Our team is comprised of a powerful mix of seasoned professionals with public accounting experience and IT professionals with deep expertise in a broad range of services and industries. We take a comprehensive approach to help clients navigate through internal audit, risk, and compliance activities. We work as a broader team to address a wide range of business needs across the organization.
