At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
Technology Riskcovers all risk services where EY is providing independent assurance and the preparation towards assurance to our clients where the assurance can be used by our clients to build confidence and trust with their customers, the general market/public, key stakeholders or when regulatory (by law or oversight) or contractually required. Engagements focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. Engagements may be either assurance (attestation) and/or risk advisory in nature, and vary considerably in and complexity. The Opportunity
All of our services whether assurance or advisory in nature are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance. In addition to assurance-related engagements such as financial attestation and SSAE 16 engagements, our IT risk consulting services focus on IT governance, risks and control effectiveness ITprogram management and assurance security and controls of ERP implementations and business intelligence and information analysis. Key Responsibilities:Engagement Service Delivery and Management
Coaching, Relationship Management and Business Development
- Provide high quality client service, working directly with onshore and/or client teams to understand and evaluate client's IT environment and controls.
- Work predominantly on offshore engagements. Communication, written and verbal, with the onshore EY and/or client teams would be expected.
- Adhere to EY audit methodologies and tools.
- Lead engagement kick-off and status update calls with onshore and/or client teams.
- Understand the process workflow related to work requests from initiation through completion and how workflow is managed within the firm's online tool for audit monitoring and project management.
- Perform IT related controls testing and evaluation for Information Systems.
- Prepare test procedures based on control requirements and documentation of test results based on testing performed.
- Review Consultant's work papers and provide guidance in performing test procedures.
- Provide update to Engagement Manager on the work status and result of audit review.
- Report control deficiencies identified to engagement Manager and client management and evaluate the overall impact.
- Identify opportunities for improvement/provide recommendations to mitigate the control deficiencies noted.
- Coach/Mentor newer/less experienced engagement team members.
- Develop and maintain team, onshore and client relationships to manage expectations of service, including the quality, timing, and deliverables.
- Identify any potential business opportunities on the engagement/account and endorse GDS Managers and/or Leaders for further business development activities.
Skills and attributes for success:
- Comply with mandatory training and internal risk management requirements.
- Identify and report any internal process improvement opportunities.
- Facilitate virtual/classroom trainings to the broader Tech Risk team
- Actively contribute to and/or lead initiatives and internal committees.
Exposure to and/or working knowledge on the following:
- At least4-6yearexperience in auditing/reviewing:
- IT General Controls across different platforms (Application, Operating System, Database) related to the following areas/domains:
- User Access Management
- Change Management
- Backup and Recovery Management
- Batch Job Management
- Problem/Incident Management
- System development/acquisition, migration and implementation.
- IT Application/Automated Controls related to various business processes such as Procure to Pay, Order to Cash, Inventory, Payroll, Treasury, Record to Report, etc.
- System-Generated Report/Information Produced by Entity (IPE) testing.
- IT SOX, IT Internal Audit, Service Organization Controls (SOC), Information Security review and/or Cloud Security review/testing.
- ERP/Application systems particularly SAP ECC/S4Hana and Oracle EBS/Fusion.
- Operating Systems (Windows Server, UNIX/Linux, OS/400, etc.)
- Databases (Microsoft SQL, Oracle SQL, DB2, SAP HANA, etc.)
- Cloud technologies (PaaS, SaaS, virtualization, etc.)
- Familiarity with leading industry standards and frameworks such as SSAE 16/ISAE 3402, ISO/IEC 27001, COBIT, ITIL, COSO etc.
- Experience in supervising staff or engagement team.
- Strong communication, correspondence, presentation/facilitation and coaching skills.
- With at least one of the following professional certifications: CISA, CISM, CIA.To qualify, you must:
EY | Building a better working world
- possess a bachelor's degree in Accounting, Computer Science, Information Systems, Engineering, or other related discipline.
- have prior work experience as IT Audit Supervisor, IT Compliance Lead, IT Internal Lead, Information Risk Sr. Consultant, Information Security Supervisor or other related roles.
- be amenable to work in McKinley Hill, Taguig City.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.