EY Advisory - Risk - Risk Assurance (IT Audit) - Senior in Guangzhou, China

Advisory - Risk - Risk Assurance (IT Audit) - Senior


Requisition # GUA000YI

Post Date Dec 02, 2018

Our independent position and assessment capabilities provide clients with a candid and reliable overview of their risk landscape and the controls in place. As a risk assurance professional, you will be leading assessments and certification services that will directly support C-suite discussions and important business decisions regarding compliance, cost and quality of our clients’ risk management programs. You will be part of an international network of professionals across geographies and sectors, delivering assessment and certification services that will help verify compliance and improve the performance of our clients.

Our structured career framework means you’ll continue to develop, whatever level you’re at. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.


  • Establish and maintain strong relationships with technology leaders and related control groups to ensure that key risks are identified and assessed in a program of IT audit coverage.

  • Maintaining active communication with audit clients to manage expectations, ensure satisfaction, make sure deadlines are met and lead change efforts effectively.

  • Perform information security risk assessments and serve as an internal auditor for security issues such as network vulnerability assessments and security solution implementations (e.g., firewall, VPN, IDS/IPS).

  • Assist with the organizational understanding of responsibilities and technology requirements relevant to managing compliance with information security policies and regulatory/industry mandates (privacy and state breach notification laws, Sarbanes-Oxley Act, PCI compliance, etc.).

  • Perform IT and/or operational controls assessments (including general computer and application controls) in support of financial statement audits, internal control audits and Sarbanes-Oxley compliance.

  • Assist in coordinating IT audits and reporting performed by external auditing firms.

  • Assist in the development of an internal audit strategy that considers relevant and evolving business risks facing the organization.

  • Assist with the annual Audit Plan development and Audit Committee documents.

  • Monitor key risk indicators and significant change activities and escalate emerging technology issues to management in a timely fashion.

  • Identify problematic areas and provide insight on the impact to the company.

  • Document test work and controls in a complete and accurate manner.

  • Obtain and maintain appropriate professional licensure.

  • Exercise due professional care in forming opinions on controls and processes.

  • Prepare written audit reports and summaries that require minimal revision of content or grammar.

  • Support the Internal Audit function, external auditors and consultants on special projects as requested.


  • Bachelor’s degree in a related field and a minimum of three years of IT audit experience as an internal auditor, external auditor or consultant of a mid-to-large company is required.

  • Certified Information Systems Auditor (CISA) is highly desirable. Certified Public Accountant (CPA) or Certified Internal Auditor (CIA) will be considered with relevant IT audit experience and a commitment to obtain the CISA within two years of hire.

  • Oracle E-Business Suite and ACL experience; PCI Internal Security Assessor (ISA) training; and, Sarbanes-Oxley experience is preferred.

  • working knowledge of IT control and/or service management standards such as CObIT and ISO preferred;

  • team player and deadline oriented;

  • collecting and analyzing data;

  • thinking and working analytically,

  • making rational and well-supported decisions and recommendations;

  • computer usage and software including Microsoft Office products;

  • managing and organizing work to accomplish objectives timely.

HR Number: 96891