Deloitte & Touche LLP seeks a Advisory Manager in Seattle, WA.
Work You'll Do
Direct engagement planning, organizing, budgeting, audit plan execution, and documentation of audit procedures performed. Conduct financial statement audit, Sarbanes-Oxley (SOX) 404, SOX readiness, IT controls testing, and SSAE 18 examinations. Utilize ERP, cloud platform technologies and various operating systems, including Peoplesoft, JDE, SAP S/4HANA, Windows, LINUX, UNIX/AIX, MS SQL, Azure, and Amazon Web Services. Lead engagement teams on project tasks. Execute interviews with management to document business cycle processes to ascertain effectiveness of company's entity level controls. Manage security configurations; conduct policy and procedure reviews; audit client platform baseline standards; and test platforms for numerous clients. Design and implement technical and general computer IT audits, systems development, conversion, and application control reviews, including process and procedure, documentation, control identification, test plan creation and execution, and executive reporting. Perform in-depth control assessments, document test requirements, and suggest remediation alternatives where necessary. Understand clients' business environments and complex risk management approaches. Build and nurture positive working relationships with clients. Identify opportunities to improve engagement profitability and facilitate use of technology-based tools or methodologies to review, design, and/or implement products and services. Will commute within the Seattle, WA area to perform the above job duties.
- Bachelor's degree in Computer Science, Information Systems, Engineering, Electronic Engineering, Math, or related field (willing to accept foreign education equivalent).
- Five years of information technology auditing and cyber security experience.
- Experience must include five years of:
- Auditing cyber security controls for IaaS, PaaS, and SaaS providers, including Azure, Amazon Web Services, and Azure DevOps;
- Auditing general computer controls and testing IT controls for applications, operating systems, network components, and databases, and performing integrated internal control audits under Sarbanes-Oxley 404 (SOX) guidelines;
- Performing audit procedures under U.S. and international standards, including SOC1, SOC2 and SOC3 examinations under SSAE18, ISAE3000/3402, Cloud Controls Matrix, and Cloud Computing Compliance Controls Catalogue ("C5");
- Developing technical report drafts using applicable industry standards;
- Providing guidance to clients on cloud security controls and associated frameworks, including customized solutions;
- Utilizing various technologies and languages, including SQL Server, HTML, Java, C#, XML, and network device configurations;
- Performing vulnerability testing, penetration testing, and data center security examinations, evaluating encryption techniques, and utilizing GITC frameworks, including COBIT and COSO;
- Performing control benchmarking against leading internal controls framework to identify gaps and excess controls; and
- Performing project management tasks, including project planning, economics, and overseeing quality, as well as mentoring and training junior team members and reviewing their work and deliverables.
- In the alternative, the employer is willing to accept a Master's degree and three years of experience as stated above.
- Experience must include one year of:
- Playing lead role in engagement planning and economics (including budgeting and billing) and developing go-to-market strategies for attestation services.
- Less than 10% travel outside of normal commuting distance.