Manager - IT Governance/Risk

Reporting:

- Position reports to the Group and GTM leads within the Cyber, Risk & Regulatory practice

Essential Duties and Responsibilities:

- Manage and direct the work streams related to IT SOX Compliance covering ITGC and IT Dependencies (ITAC, Interfaces, IPE's).

- Provide technical support in the assessment, design and implementation of ITGC requirements.

- Thorough understanding around ITGC domains such as Logical Access, Change Management, SDLC and Computer Operations.

- Exposure of testing IT Application Controls (Configurable, Non-configurable), Interfaces, IPE's, Data Migration and Platform Reviews.

- Review control evidence for adherence to accuracy, completeness and precision of control execution for all ITGC.

- Develop, implement and test controls for new acquisitions and in-scope entities.

- Work with control owners and operators to ensure quality, consistency and operability of new and existing controls.

- Collaborate and build long-term relationships with key stakeholders in a fast-paced and matrixed work environment.

- Review test findings, facilitate the remediation of ITGC control gaps, and escalate possible critical issues to senior management of client/Onshore teams.

- Plan and direct the work to team members, monitor their work, and take corrective action when necessary.

- Coaches, mentors, and develops direct reports, including overseeing new hire onboarding process and providing career development planning and opportunities; maintains a safe, secure, and legal work environment.

- Builds and maintains strong peer relationships within the team and across the organization.

- Coordinates work with External Auditors of the client if needed.

- Manage the Cyber, Risk & Regulatory (Advisory) team and client portfolio to deliver 8,000 to 12,000 of client hours.

Interpersonal Skills:

- Ability to work independently under general supervision with latitude for initiative and independent judgment.

- Effective verbal and written communications, including active listening skills and skill in presenting findings and recommendations.

- Ability to establish and maintain effective working relationships with co-workers and external contactors/auditors.

- Detail-oriented & comfortable working on multiple projects simultaneously.

- Individuals would be expected to cultivate a strong team environment and promote a positive working relationship amongst their team.

- Excellent communication skills, written and verbal would be expected.

- Ensure client service delivery in accordance with the quality guidelines & methodologies.

- Build and maintain client relationships by understanding and being responsive to client needs and ensuring high quality of deliverables.

- Contribute to people and knowledge development initiatives by developing training material and conducting training.

- Demonstrate strong analytical thinking and communication skills including the ability to research and understand complex processes and effectively communicate them to interested parties.

- Demonstrate superior relationship building and relationship management skills.

Client Management

- Develop strong working relationships with the client and onshore teams.

- Maintain excellent rapport and proactive communication with the stakeholders and clients.

Operational excellence

- Suggest ideas on improving engagement productivity and identify opportunities for improving client service.

- Manage engagement budgets and ensure compliance with engagement plans and internal quality & risk management procedures.

People related

- Display teamwork, integrity and leadership. Work with team members to set goals and responsibilities for specific engagements.

- Foster teamwork and innovation.

- Utilize technology & tools to continually learn and innovate, share knowledge with team members and enhance service delivery.

- Conduct workshops and technical training sessions for team members.

- Contribute to the learning & development agenda and knowledge harnessing initiatives

- Mentor and coach junior team members, enabling them to meet their performance goals and successfully grow their careers.

Minimum Qualifications

- Bachelor's degree in Information Systems, Computer Science Engineering

- B.E., B. TECH, M. TECH, MCA, BCA, CA, MBA

- Experience of business experience in technology audit, risk management, compliance, consulting, or information security including acting in the capacity of a supervisor

- Excellent knowledge of IT General Controls, automated and security controls

- Knowledge of security measures and auditing practices within various operating systems, databases and applications

- Experience in auditing financial applications, cyber security practices, privacy and various infrastructure platforms such as Unix, Linus, Windows, SQL Server, Oracle Databases

- Knowledge and concepts of auditing of cloud platforms (AWS, Azure and Google Cloud)

- Experience designing continuous auditing and monitoring tools and techniques is a plus.

- Good understanding of CoBIT 5 Domains of Access Management, SLDC & Change and Computer Operations and Control Design and Testing of SOX IT General Controls (ITGC) and/or IT Application Controls (ITAC)

- Experience in identifying control gaps and communicating audit findings and control redesign recommendations to Management/Clients

- Knowledge of regulations impacting privacy, integrity and availability of clients PII.

- Functional knowledge of major ERP suites (like SAP, Dynamics, Oracle EBS, Peoplesoft)

- Understanding of audit concepts and regulations

- Required overall experience in testing/reviewing and implementation of ITGC controls, CoBit 5 and developing COSO framework

- Candidates with 6-8 years of relevant experience in similar role, preferably with a "Big 4" or equivalent

- Chartered Accountant (would be added advantage)

Certification(s) preferred - CISA / CISM / CRISC / CISSP / ISO 27001 LA certifications