Business Unit UKI
Practice IT Risk & Assurance (ITRA)
Location Various - including London and Regions
Ernst & Young is recognised as a leading independent provider of technology, security and risk advisory services, supporting organisations to address the challenges of governance, transformation, regulatory compliance and maximising value for money. Ernst & Young has a global network of over 6,000 IT assurance and advisory professionals with 350 technical advisors in the UK alone, with cross-industry expertise and experience of information management and analytics, IT strategy and transformation, delivery assurance, procurement, security and IT controls.
Our approach to market is business-focused and our solutions are developed around client issues. ITRA forms part of a broader Advisory Services practice whose aim is to enable an integrated approach to the delivery of risk and advisory services to our clients.
In response to strong market demand, we are seeking additional individuals to enhance our existing team, with experience of all aspects of IT risk and control advisory including knowledge of core IT-related business controls and processes, information security risks and privacy/data protection compliance requirements. This is a fantastic opportunity to contribute to the future growth of our practice and work with a broad range of clients across a number of different sectors.
As you progress, you may choose to deepen your skills in one or more areas specialist areas such as IT Internal Audit, ERP Advisory, Information Security, Programme Assurance or a number of other areas.
The role will involve working with a variety of clients in a number of different industries as well as working with other Ernst & Young teams in areas such as the Audit, Performance Improvement and Risk practices. As an ambassador for the ITRA team, you will need to build a strong network internally and be able to exceed our clients' high expectations.
Experience of a consulting environment would be beneficial. We are seeking high performing individuals who have been recognised for exceeding expectations.
The primary responsibility of ITRA Consultants is to plan and deliver IT risk and control advisory engagements. Depending upon the size and complexity of the engagement, candidates may lead a small team or carry sole responsibility for technical delivery. Examples of IT risk and control advisory engagements include:
Assessing clients' IT environments and IT-related business processes that support the financial statements to determine the extent to which reliance can be placed on the internal control environment
Identifying and remediating control and performance gaps compared to leading practice, helping clients gain stakeholder buy-in, reduce risk, and increase value and visibility of IT cost
Assisting organisations in the identification and management of information security risks by assessing the current state, prioritising improvements and conducting projects to reduce risk and improve regulatory compliance
Identifying and managing privacy and data protection risks and compliance requirements, working across our clients' organisations to help meet stakeholder expectations and requirements.
Within the context of client engagements, specific responsibilities include:
Planning, budgeting and delivering engagement for review by ITRA Managers or Senior Managers
Gaining an understanding of the clients' IT applications and infrastructure to determine the effectiveness of the control environment through performing and reviewing process walkthroughs
Reviewing detailed analysis of the control environment to gain assurance over effective operation of controls
Identifying control weaknesses and any mitigating controls
Reviewing working papers and supporting evidence in line with internal compliance requirements
Effectively articulating control findings to key client stakeholders.
In addition, the ITRA team itself places a significant emphasis on its own management and development, including learning and development, knowledge sharing, current technologies, methodologies and the ongoing expansion of the team. All team members are expected to contribute to this process and participating fully in the team activities, meetings and workshops.
Finally, Consultants are also expected to contribute to the development and internal marketing of ITRA solutions, participate in the delivery of proposals to clients, involvement in the sales process and developing junior team members.
Relevant degree / qualifications from a leading university preferred
Minimum 2:1 Honours degree required.
You will need at least three years experience in IT risk and control including analysis and reporting or equivalent
You will also be able to understand how to assess core IT-related controls
Currently working or have experience in either professional services and/or internal audit.
There is no requirement for sector specialisation but strong insight into one or more of the following would be an advantage:
Oil & Gas
Highly professional with ability to work in challenging, diverse and evolving client environments
Flexible with the ability to learn quickly and leverage skills in new situations
Excellent verbal and written communication skills
The ability to build strong client relationships
Strong team working skills are essential
Strong presentation and facilitation skills
A passion to contribute to the growth of the practice
Self motivated with lots of energy and drive
Flexible, with the ability to learn quickly and leverage skills in new situations
The ability to deliver multiple/parallel projects.
Certified Information Security Auditor (CISA) qualification would be advantageous,
Advanced MS Excel beneficial
Knowledge of IT industry practice methodologies (e.g. CobiT, ITIL) is preferable
Experience of Windows, Oracle, SQL or UNIX environments is expected.
Ernst & Young - 3 years ago