Manager, Data Risk & Security
BDO
- Houston, TX
- $120,000-130,000 per year
- Permanent
- Full-time
- Documents and tests application and automated controls on a wide range of software application packages
- Prepares audit reports and recommendations associated with audit work performed
- Manages Cybersecurity assessment projects and ensures the appropriate risks are addressed
- Participates in the review of internal controls based on Sarbanes-Oxley Act requirements
- Communicates to the client areas to strengthen controls, mitigate risks and/or increase efficiency
- Identifies key risks and assesses their impact and likeliness of occurrence
- Establishes engagement budget, makes pricing scope changes and prepares billings
- Utilizes research tools, databases, and trade publications to develop understanding of client's industry
- Prepares formal and informal presentations for client meetings
- Participates in marketing and business development activities within practice
- Completes research and draft proposals and reports
- Recognizes technical concerns or issues and communicates those concerns with internal and client management
- Plans and executes the audit work on assigned engagements
- Recognizes and validates relevant technical issues and brings them to the attention of client management
- Reviews the work product of staff
- Ensures technology is appropriately integrated into the audit process
- Acts as primary client contact for all questions and issues
- Communicates suggested improvements to processes, controls and risk management capabilities to client management and audit committees
- Analyzes the client's IT and Cybersecurity processes, risk, and controls
- Develops and maintains relationships with client personnel and management
- Documents controls, tests performed and results
- Administers project plans
- Other duties as required
- Supervises the day-to-day workload of RAS Senior Associates and Associates on assigned engagements and reviews work product
- Ensures RAS Senior Associates and Associates are trained on all relevant software
- Evaluates the performance of RAS Senior Associates and Associates and assists in the development of goals and objectives to enhance professional development
- Delivers periodic performance feedback and completes performance evaluations for RAS Senior Associates and Associates
- Acts as mentor to RAS Senior Associates and Associates, as appropriate
- May act as a Career Advisor to associates or senior associates
- Bachelor's degree in Accounting, Finance, Management Information Systems, or Business Intelligence, required
- Five 5) or more years of experience performing Sarbanes-Oxley Readiness services, internal audit, consulting, or risk services as a Technology Subject Matter Expert, required
- Two (2) years of experience within a public accounting firm, preferred
- Experience performing audits of particular industries (manufacturing, retail, distribution, etc.), based upon the RAS practice's need, required
- Prior significant supervisory experience, required
- Experience performing systems audits and audits of application controls, required
- Experience with internal controls including flowcharts, documentation and testing of controls, required
- Experience conducting audit planning, developing audit programs, performing testing, and preparing work papers, required
- Experience performing audits within a public accounting environment, preferred
- Certificate of Internal Auditor (“CIA”), Certified Public Accountant (“CPA”), Certified Fraud Examiner (“CFE”), Certified Information System Auditor (“CISA”), Certified Information Systems Security Professional (“CISSP”), or equivalent certifications, required
- Exposure to industry software such as AS400, PeopleSoft, JD Edwards, SAP, Lawson, Oracle Financials, Great Plains, Solomon IV and MAS/90-500, UNIX, OS400 or ERP application software packages, preferred
- N/A
- Solid understanding and experience planning and coordinating the stages to perform an audit
- Knowledge of internal accounting controls and professional standards and regulations
- Strong verbal and written communication skills, specifically business / report writing
- Ability to adapt style and messaging to effectively communicate with professionals at all levels both within the client organization and the firm
- Ability to successfully multi-task while working independently and within a group environment
- Superior analytical and diagnostic skills and ability to break down complex issues and implementing appropriate resolutions
- Capable of working in a demanding, deadline driven environment with a focus on details and accuracy
- Solid project management skills
- Sound SOX knowledge and familiarity with SEC and PCAOB reporting rules
- Solid grasp of general IT control concepts
- Understanding of the NIST Cyber Security Framework and/or ISO security standards
- Excellent people development and delegation skills, including training/instruction and engagement scheduling and budgeting
- Executive presence to act as primary contact for clients while preparing and presenting to clients and potential clients
- Capable of resolving complex business issues
- Build and maintain strong relationships with internal and client personnel
- Travel as needed
- Welcoming diverse perspectives and understanding the experience of our professionals and clients
- Empowering team members to explore their full potential
- Our talented team who brings varying skills, knowledge and experience to proactively help our clients navigate an expanding array of complex challenges and opportunities
- Celebrating ingenuity and innovation to transform our business and help our clients transform theirs
- Focus on resilience and sustainability to positively impact our people, clients, and communities