RSM\xe2\x80\x99s purpose is to deliver the power of being understood to our clients, colleagues and communities through world-class audit, tax and consulting services. The clients we serve are the engine of global commerce and economic growth and we are focused on developing leading professionals and services to meet their evolving needs in today\xe2\x80\x99s ever-changing business environment.

Our clients depend upon effective risk management, IT audit, and governance to achieve their business objectives. Our IT risk professionals serve middle market and complex global clients. We work with clients across a wide variety of industries developing strong working relationships built on understanding their businesses, their challenges, risks, and information technology (IT) requirements.

We are looking for an Associate, SOC Technology Risk (System and Organization Controls) to become an integral part of the team by effectively delivering IT risk services, managing engagements, and advising client leadership. This role is based in Toronto.

Responsibilities

• Actively participate in all aspects of client engagements including planning, scoping, testing, analysis, documentation, reporting and remediation typically including IT control reviews, IT audits, IT risk assessments, IT compliance and related work
• Evaluate IT controls within different contexts, including internal controls over financial reporting (ICFR) engagements (external financial statement audit, Sarbanes-Oxley (SOX)), Systems and Organization Control (SOC) engagements, and IT audit co-source engagements
• Understand and execute all aspects of Systems and Organization Control (SOC) readiness and attestation engagements, including planning, executing and reporting
• Execute both IT general controls (ITGCs) as well as business process automated controls (application controls or ITACs) control testing
• Evaluate IT controls leveraging different frameworks (COBIT, COSO, ITIL, ISO) and across various aspects of clients\xe2\x80\x99 IT organizations, including application systems and infrastructure (OS, DB, network) systems
• Support engagement leadership from project management perspective (project plans, timelines, budgets, project economics, status reporting)
• Understand how IT control work impacts the client\xe2\x80\x99s broader business
• Advise client leadership on the design and operational effectiveness of IT controls
• Advise client leadership on strategic plans and other business matters, helping our clients anticipate emerging risks and information technology opportunities
• Develop good working relationships and collaborate effectively with colleagues and clients
• Develop internal control documentation including internal control matrices, process narratives, and data flows

Basic Qualifications

• 1-3 years of experience in IT audit, IT risk and control, IT compliance or related work
• Previous public accounting experience
• Experience delivering SOC engagements readiness and attestation engagements, including planning, execution, and reporting
• Strong knowledge of IT internal controls
• Understanding of the different contexts in which IT control work is performed, including internal controls over financial reporting (ICFR), Sarbanes-Oxley (SOX), SOC, and internal audit
• Experience supporting leadership from project management perspective including with project plans, metrics, and status reporting
• General understanding of relevant regulations and industry standards such as FFIEC, SOX, SOC, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA and GLBA, plus best practices and methodologies to address these requirements
• Professional certification such as CPA, CISA, CISSP, CISM or CIPP
• Ability to interpret and convey technical information to all audiences
• Excellent communication skills with the capability to articulate, write and present information in a clear and understandable manner
• Excellent analytical and problem solving skills
• Strong time management and organizational skills with ability to effectively manage competing priorities
• Ability to travel up to 25%
• Bachelor\xe2\x80\x99s degree in IT or related discipline

Preferred Qualifications

• Experience with a professional services firm
• Strong understanding of IT controls in a widely used ERP (SAP, Oracle, JD Edwards, PeopleSoft)
• Strong knowledge of one particular industry (financial services, manufacturing, technology, public sector)
• Experience with large datasets leveraging data analytics/visualization tools including ACL, IDEA, Tableau
• Knowledge of business process controls

In accordance with applicable law and RSM policy, prospective hires will be required to demonstrate that they have been fully vaccinated for COVID-19. If not vaccinated for COVID-19 they must qualify for an accommodation to this vaccination requirement or participate in testing.
Currently, RSM does not intend to hire candidates for entry level positions who will need, now or in the future, RSM sponsorship through any non-immigrant visa category such as the H-1B, H-1B1, E-3, O-1, or TN. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please call us at 800-274-3978 or send us an email at careers@rsmus.com. You want your next step to be the right one. You\'ve worked hard to get where you are today. And now you\'re ready to use your unique skills, talents and personality to achieve great things. RSM is a place where you are valued as an individual, mentored as a future leader, and recognized for your accomplishments and potential. Working directly with clients, key decision makers and business owners across various industries and geographies, you\'ll move quickly along the learning curve and our clients will benefit from your fresh perspective. Experience RSM. Experience the power of being understood. RSM is an equal opportunity/affirmative action employer. Minorities/Females/Disabled/Veterans.