Senior Associate, IT Internal Audit

About The Position

Requirements

• Minimum three years of recent experience working within IT risk, cybersecurity, internal audit or IT compliance function as an internal employee; similar role as part of a professional services firm.
• Bachelor's degree from an accredited college/university in an appropriate field; CISA, CISM, CISSP, CRISC or similar certifications preferred.
• Master's degree from an accredited college/university preferred; one or more enterprise technology vendor certifications from IBM, Oracle, Microsoft, Google, AWS, ServiceNow, GitHub, Artifactory, Atlassian, or GitLab preferred.
• Prior knowledge leading and executing IT risk consulting, IT process re-engineering, IT audit, and IT internal controls engagements, leveraging IT governance and control frameworks such as COBIT, NIST Cybersecurity framework, NIST 800-53, IIA GTAG, Cloud Security Alliance, CMMI, and ITIL.
• Proficiency in core requirements and methodologies for Sarbanes-Oxley (SOX) internal control programs.
• Experience with IT risk management operating models, three lines-of-defense frameworks, integrated risk management practices, and/or risk intelligence capabilities.
• Understanding of commonly used enterprise technology infrastructure, CI-CD pipelines and DevOps management products/solutions from IBM, Oracle, Microsoft, Google, AWS, ServiceNow, Jenkins, GitHub, Artifactory, Atlassian, or GitLab preferred.
• Strong leadership and executive communication skills, technical knowledge, and the ability to write at a publication quality level in order to communicate findings and recommendations to the clients and senior management team.
• Must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future.

Responsibilities

• Design, coordinate, and oversee the day-to-day activities related to client engagements in one or more areas such as IT strategy and transformation programs, agile software development/DevOps, business continuity and disaster recovery, cybersecurity, cloud providers and other third parties; data management/governance, emerging technology such as AI, automation, and projects, General IT controls (GITCs) and application controls testing, and regulatory/compliance requirements such as Sarbanes Oxley (SOX), FedRAMP and Payment Card Industry (PCI).
• Review clients' IT traditional and agile processes as well as tools for security, resiliency and DevOps controls against leading practice, industry, or client frameworks; assess capability maturity, identify gaps in design and execution of the controls, as well as communicate issues and recommendations to senior management.
• Work with client senior management to design, and implement new IT risk and control frameworks, sustainable solutions, operating processes and people models to address key and evolving risks, as necessary.
• Complete comprehensive executive summaries, final reports, and deliver to client senior management; document and review engagement workpapers in accordance with KPMG requirements as well as common industry practice for internal audit and risk consulting client engagements.
• Lead efforts in developing and contributing content to related KPMG knowledge bases and internal practice development initiatives, including but not limited to research, thought leadership, marketing collateral, and share forums/peer exchange materials.

Benefits

• Comprehensive, competitive benefits package including medical and dental plans, vision coverage, disability and life insurance, 401(k) plans.
• Robust suite of personal well-being benefits to support mental health.
• Personal Time Off per fiscal year based on job classification, standard work hours, and years of service.
• Calendar of holidays to be observed during the year and two breaks each year where employees will not be required to use Personal Time Off.