Senior Associate - Dallas, Texas - Consulting Services - IT Audit - Privacy/Security
At McGladrey, the IT audit security consultants work with large and small companies in various industries. They develop strong working relationships with clients built on understanding their businesses and challenges. Consultants work on multiple team engagements each year, including several pieces of any particular assignment, not just one part. Working in a mutually respectful team environment helps our consultants perform at their best and integrate their career with their personal life.
Senior IT audit security consultants provide quality services to clients by focusing on the IT controls and security of their clients. You will use your strong analytical skills to develop quality solutions to meet client requirements. Examples of specific assignments could include:
- Performing and coordinating technical security assessments, including PCI reviews, internal and external vulnerability assessments, attack and penetration studies, eCommerce reviews, and other technical audits
- Assessing the security of client networks, hosts, and applications
- Coordinating the testing and analysis of web applications and web services (SOAP, WSDL, UDDI)
- Performing technology risk assessments and reviewing, documenting, evaluating and testing general computer controls including access controls, change management, security, backup controls and operation controls, in a wide range of computing environments (e.g., mainframe, mid-range and client/server), for financial audit support and Sarbanes-Oxley 404 work.
- Reviewing, documenting, evaluating and testing application controls, particularly automated controls on a wide range of software application packages for financial reporting.
- Assisting financial audit and Sarbanes-Oxley compliance teams in the identification of control objectives and the design of control procedures to address those objectives.
- Identifying internal IT controls, assessing their design and operational effectiveness, determining risk exposures and developing remediation plans.
- Communicating findings and recommendations to client personnel.
- Determining the technical and business impact of identified security issues and providing remediation guidance to clients
- Reviewing application code, system configurations and device configurations using manual and automated techniques
- Measuring and reporting clients' compliance with established industry or government requirements
- Bachelor's degree or equivalent
- Five+ years of experience in IT Audit, IT Security, Information Risk Management, IT Governance or other IT Compliance related work. Prior responsibilities should include performing in-depth technical IT risk assessments and vulnerability analyses, recommending, designing and advising on applicable IT controls, as well as regulatory and compliance reviews
- Expertise in IT internal controls and their applicability with regards to financial reporting and information systems support processes
- Good understanding of relevant regulations and industry standards (e.g., SOX, COSO, COBIT, FFIEC, ITIL, ISO27001, PCI, HIPAA and GLBA) and best practices and methodologies to address these requirements. Ability to apply these requirements to organizational internal control frameworks
- Professional certifications including Certified Ethical Hacker (CEH), Certified Information Systems Security Professional® (CISSP®), Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®) and Certified Information Privacy Professional (CIPP)
- Excellent written and oral communication skills
- Strong time management and organizational skills
- Great attitude and strong work ethic
- Ability to travel, especially regionally