Position Summary

We are looking to add to our Technology Risk & Compliance (TRC) team, and we want to talk to YOU! We are specifically looking for entry level IT Auditors that are eager to develop the fundamental knowledge and technical skills to be successful in the growing field of Information Technology Risk & Compliance services.

This is a role for individuals interested in pursuing a career in professional services, specifically focused on helping clients understand and mitigate their technological risks. The TRC team’s service offerings include SOC 1®, SOC 2®, PCI, ISO, HIPAA, and many other IT risk and control frameworks. In addition, there are numerous consulting opportunities related to assessing IT and cybersecurity risks for multi-national and local clients.

Tasks

Essential Functions

• IT Control Attestations: Working directly with project managers and clients, you will gain an understanding of the client’s IT systems, infrastructure, and control environment. You will apply that understanding to a variety of IT risk and control frameworks such as SOC, PCI, HIPAA, ISO and many others 
• IT Risk Assessments: Clients and their stakeholders sometimes need an independent assessment of their IT risks. You will be directly involved in assessing various IT risks and developing various types of reports and presentations to stakeholders. 
• Controls Testing: Evaluating controls includes understanding the best way to test the effectiveness of controls 
• Documentation: TRC staff need to document the procedures and results of tests performed during control testing and document conclusions 
• Quality control: TRC staff are expected to ensure quality control procedures are being executed under direction of engagement supervisor, and perform thorough self-review of all work prior to submission 

Supervisory responsibilities 

• N/A 

Work environment 

• Work is conducted in a professional office environment with minimal distractions 

Physical demands 

• Prolonged periods of sitting at a desk and performing work in front of a computer screen for long periods of time 
• Must be able to lift up to 15 pounds at a time 

Travel required 

•  Travel is minimal.

Required education and experience 

• Bachelor's degree in accounting, information systems, or similar with an interest in information technology 
• A minimum of 1-2 years of related internal audit and IT audit experience 

Preferred education and experience 

Must have a desire to work toward achieving one or more of the following certifications: 

• Certified Public Accountant (CPA) 
• Certified Information Systems Auditor (CISA): ISACA's globally recognized cornerstone certification for IS, audit, control, assurance, and security professionals who control, monitor, and assess an organization's information technology and business systems 
• Certified Information Systems Security Professional (CISSP): An independent information security certification governed by the International Information Systems Security Certification Consortium, also known as ISC², which provides security training to information assets 
• Certified Information Security Manager (CISM): ISACA's certification program for those who manage, design, oversee, or assess an enterprise's information security 

Additional eligibility requirements 

-

Other duties 

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Skills

• Active Listening - Giving full attention to what clients are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times.
• Communication – Strong written and oral communication skills
• Reading Comprehension - Understanding written sentences and paragraphs in work related documents.
• Speaking - Talking to others to convey information effectively.
• Writing – Effective written communication to meet the needs of the audience.
• Social Perceptive - Being aware of others' reactions and understanding why they react as they do.
• Information Technology Skills – Ability to utilize various tools and applications to perform the work, obtain information, and communicate with the engagement team.
• Information Technology Knowledge - TRC staff will be exposed to many technologies and will need to quickly obtain understanding of the technologies in a short-time period.

Experience and Education

Education/Certification/Experience

• Bachelor’s in Accounting, Information Systems, or similar with an interest in Information Technology
• Demonstrate knowledge of basic business, technology, and audit principles/standards
• Must have a desire to work toward achieving one or more of the following certifications in the future:
• Certified Public Accountant (CPA)
• Certified Information Systems Auditor (CISA): ISACA's globally recognized cornerstone certification for IS, audit, control, assurance, and security professionals who control, monitor, and assess an organization's information technology and business systems.
• Certified Information Systems Security Professional (CISSP): An independent information security certification governed by the International Information Systems Security Certification Consortium, also known as ISC², which provides security training to information assets.
• Certified Information Security Manager (CISM): ISACA's certification program for those who manage, design, oversee, or assess an enterprise's information security.
• Must maintain required CPE credits annually

Legal / Compliance

• Must complete acknowledgement of Independence Guidelines and Ethical Standards document