Deloitte Global

This position is housed within the Technology Controls (TC) team of the Audit & Assurance (A&A) Products and Solutions group that develops and deploys innovative technology products and solutions to Deloitte’s Audit & Assurance business and its clients. As an Information Technology (IT) Controls Specialist – Senior Consultant, will be responsible for testing and monitoring controls over the technology solutions in multiple IT environments and cloud hosting locations at all stages of application design, development, and deployment. 

Responsibilities:

•  Help drive quality as part of the software development lifecycle (SDLC), using established risk and control frameworks (such as COBIT, SOX, and SOC/ISAE) to ensure that development, hosting, deployment and other risk decisions
• Ensure to comply with existing firm policies, professional standards, laws and regulations and other internal and external requirements
• Assist with the creation of consultation memos resulting from subject matter expert or stakeholder collaboration
• Coordinate the centralized software review and certification process with Deloitte’s National Office
• Oversee and collaborate with various groups (e.g., internal IT organization, Deloitte’s vendors and IT service providers)
• Prepare and/or validate IT control-related aspects of product risk assessments and confidential information management plans
• Assist with reviewing functional and nonfunctional requirements (i.e., user stories and acceptance criteria) and testing scripts to ensure alignment with controls requirements

• Bachelor’s degree in Computer Engineering, Management Information Systems, or other related degree
• Minimum of 1-2 years of experience in high-performing technology risk organization, or similar with some experience working on large and medium-size audits (i.e. PCAOB standards) or internal audit experience
• Working knowledge of Information Technology controls (GITC) across multiple IT platforms, including, but not limited to Windows and UNIX/Linux operating systems, SQL server, MongoDB, PostgreSQL, and MySQL databases
• Basic understanding and working knowledge of SOC 2, SOC 1 or ISAE 3402 methodologies
• Basic understanding of cloud computing concepts, including PaaS/IaaS services and SaaS offerings, as they relate to hosting environments (such as Microsoft Azure and Amazon Web Services) and their related controls