EY IT Risk & Assurance Manager in Trinidad and Tobago

IT Risk & Assurance Manager


Requisition # TRI00131

Post Date Apr 27, 2016

Ernst & Young, a global, market leading, professional services firm, with dynamic people in more than 140 countries, is committed to operating with integrity, quality and professionalism in the provision of audit, tax, advisory and transaction services. We strive to help all of our people achieve their professional and personal goals through an inclusive environment that values everyone’s contributions, appreciates diversity of thought, fosters growth, and provides continuous opportunities for development. Ernst & Young Caribbean, the region’s largest seamlessly and fully integrated professional services firm, has offices in Trinidad, Barbados, Jamaica, Curacao and Aruba. Recognized by organizations such as Fortune, Working Mother, and Training magazine, Ernst & Young continually strives to be a great place to work.

Being part of a dynamic, growing organization offers an exciting career path full of opportunity. Ernst & Young Advisory Services is a $4 billion global practice, with 18,000 professionals. With an overall Advisory market of $150 billion, there's tremendous potential for growth - and we're prepared to tap into that potential. Our Advisory team takes a strategic approach to helping clients improve and sustain their business performance. In today's complex business environment, that means understanding the relationship between risk and performance improvement, and applying our knowledge to help clients achieve their business objectives.

When you're on our Advisory team, you specialize in a particular competency - Risk, Performance Improvement, or IT Risk & Assurance. You also have the opportunity to work across disciplines with professionals who have broad industry sector experience and deep subject-matter knowledge. In Advisory, our growth strategy focuses on being account-centric, issue-based and competency-driven. That's what differentiates Ernst & Young in the Advisory marketplace.

Information technology is a key enabler, and we're integrating IT into our Advisory transformation engagements. Our IT Risk & Assurance team delivers world-class information technology advice as part of our broader risk and business improvement services. We provide services such as financial audit IT integration, third party reporting, IT Risk Advisory, information management & analysis and information security.

The opportunity is now. If you are interested in being part of a dynamic team, serving clients and reaching your full potential - Ernst & Young Advisory Services is for you.

Within EY's IT Risk & Assurance practice, the Manager is responsible for managing multiple client engagement teams at an executive level within the practice and the firm. Engagements focus on the assessment and/or evaluation of IT systems and processes and the mitigation of IT-related business risks. Engagements may be either assurance (attestation) and/or risk advisory in nature, and vary considerably in size and complexity. All of our IT Risk & Assurance services, whether assurance or advisory in nature, are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance. In addition to assurance-related engagements such as financial attestation and SAS 70 engagements, our IT risk advisory services focus on IT governance and effectiveness; IT program management and assurance; IT security (ISO/IEC 27001, PCI DSS, ISAE 16), including implementation projects around security software and security standards controls of ERP implementations; and business intelligence and information analysis.


Assurance & Advisory related:

Provide guidance and share knowledge with team members and participate in conducting procedures, including focusing on complex, judgmental and/or specialized issues, pertaining to IT general controls and application controls testing. Work with the team and the client to create plans for achieving engagement objectives utilizing methodologies and strategies that comply with professional standards and address the risks inherent within engagements. Brief the engagement teams on the clients’ IT environment and industry IT trends. Maintain relationships with clients’ management personnel to manage expectations of service, including work products, timing, and deliverables.

Demonstrate a thorough understanding of complex information systems and apply it to client situations. Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business.

Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services.

Advisory related:

Provide support in sales and pursuit initiatives, including the preparation of proposals and sales material. Assist with development of various service offerings in the IT risk and security space (threat and vulnerability management, threat intelligence, etc.). Lead specialized IT risk engagements, demonstrating strong technical knowledge in the relevant domain.

To qualify, candidates must have:

  • a bachelor's degree and approximately 5 years of related work experience; or a graduate degree and approximately 4 years of related work experience

  • a degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline

  • extensive experience working as an IT auditor or IT risk adviser or IT security professional for a public accounting firm, a professional services firm, or within industry

  • significant experience in having applied relevant technical knowledge for a few of the following engagements: (a) financial statement audits; (b) internal or operational audits; (c) SAS 70 engagements; (d) ERP security and controls reviews (Oracle, SAP, PeopleSoft); (e) involvement in ISO 27001, ISO 22301 implementations and/or certifications; (f) ISAE16, PCI/DSS compliance reviews; and/or (g) internal/external attack and penetration assessments

  • implementation experience with various security-related technologies such as Mobile Device Management software (Airwatch, Good); SIEM technologies; data classification applications; Data Loss Prevention applications (Symantec); firewalls (Checkpoint, etc.); and other security-related applications (Solarwinds, etc.)

  • experience in vulnerability assessment (Nessus, Core Impact, etc.) and penetration testing tools (Kali/BackTrack, etc., including mobile and web application testing tools – open source and commercial)

  • strong project management skills

  • advanced written and verbal communication skills and presentation skills including proposal preparation

  • excellent leadership, teamwork and client service skills

  • demonstrated integrity within a professional environment

PCI/DSS, ISO 27001, ISO 22301, security application certification, CISA, CISSP, CISM, CBCP, CIA or CFE certification is desired. Based on an individual's professional background, area of specialization, or industry focus, we recognize that other certifications, credentials, or experience may be more relevant than the listed certifications and therefore may be acceptable substitutes with written consent of EY's Americas IT Risk & Assurance leadership.

Ernst & Young is committed to diversity and equity.