EY Advisory - Risk Assurance Associate in Durban, South Africa

Advisory - Risk Assurance Associate

Advisory

Requisition # DUR0005R

Post Date 1 day ago

Our independent position and assessment capabilities provide clients with a candid and reliable overview of their risk landscape and the controls in place. As a risk assurance professional, you will be leading assessments and certification services that will directly support C-suite discussions and important business decisions regarding compliance, cost and quality of our clients’ risk management programs. You will be part of an international network of professionals across geographies and sectors, delivering assessment and certification services that will help verify compliance and improve the performance of our clients.

Our structured career framework means you’ll continue to develop, whatever level you’re at. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Job summary

Our IT Risk & Assurance services, are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance. In addition to assurance-related engagements such as financial attestation and ISAE 3402 engagements, our IT risk advisory services focus on IT governance and effectiveness; IT program management and assurance; security and controls of Enterprise Resource Planning (ERP) implementations; and business intelligence and information analysis. We are currently offering positions in the following areas:

  • Application Risk & Controls practice

  • Information Management and Analysis Services practice

  • Financial Services Technology Risk and IT Regulatory Services

Responsibilities, Qualifications, Certifications - External

In your role as a Risk Assurance Associate you’ll:

  • Effectively manage and motivate client engagement teams with diverse skills and backgrounds.

  • Consistently deliver quality client services and manage expectations of client service delivery.

  • Drive high-quality work products within expected timeframes and on budget.

  • Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes.

  • Stay abreast of current business and industry trends relevant to the client's business.

  • Develop and maintain long-term relationships and networks with clients and internal EY stakeholders - Demonstrate deep technical capabilities and professional knowledge.

  • Possess in depth business acumen and demonstrate ability to quickly assimilate to new knowledge. - Remain current on new developments in advisory services capabilities and industry knowledge

Requirements:

  • A recognized university degree in accounting, business, information technology, engineering, mathematics or other relevant discipline

  • At least 2 years of relevant consulting or industry experience, preferably in a professional services environment or MNC.

  • Candidates who possess professional certifications such as Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) and / or Certified Fraud Examiner (CFE) are highly encouraged to apply.

  • Proficiency with Microsoft Excel, Access, Word, and PowerPoint

  • Strong analytical, interpersonal, communication, writing and presentation skills

  • Demonstrates integrity, values, principles, and work ethic

  • Willingness to travel on overseas assignment as the need arises

In addition, candidates should have experience in at least one of these specific areas below:

  1. Application Risk & Controls

This practice focuses on enterprise IT application assessment, Governance, Risk and Compliance (GRC) technology assessment, IT Application and Tool Implementation. We deliver valuable insights and enable better business decisions through improved quality of information.

To qualify, candidates should have:

  • Working experience on at least two (2) full cycles of access control framework definition, security role design, remediation and implementation for ERP solutions such as SAP and Oracle.

  • Working experience in performing business process controls review, access controls review (e.g., segregation of duties) and project risk assessments in an ERP environment. Having experience in continuous controls monitoring and controls optimization type of work would be an advantage.

  • In-depth knowledge on key risks and expected controls (including compensating controls) in one or more business processes (e.g., procure to pay, and financial statement close)

  • Understanding of and/or implementation experience with a variety of GRC tools (e.g., SAP GRC and Oracle ICM)

  1. Information Management and Analysis Services

This practice focuses on analytics delivery, analytics enablement, data quality and governance, and data management. We deliver valuable insights and enable better business decisions through effective collection, storage, analysis and management of quality of information.

To qualify, candidates should have:

  • Working experience in one or more of the following domains: data / statistical analysis, data management, data quality assessment and profiling, data governance, data warehouse / Cubes development, business intelligence, data mining, data conversion, continuous auditing / monitoring, data modeling, and/or ETL development

  • Competency with one or more of the following tools would be an added advantage: SQL, R, ACL, IDEA, SAS, SPSS, Business Objects, Congos, Tableau, Spotfire or other OLAP / analysis tools

  • In-depth knowledge with analytics implementation / development in one or more domains / industries (e.g., procurement,

  • HR, banking and / or government) would be useful

  • Strong analytical and problem-solving skills, and ability to work with incomplete or imperfect data.

  • Ability to identify and visualize relationships within large, not obviously related data sets.

  • Familiarity with linear algebra and matrix algorithms is a plus. Ability to build and interpret probabilistic models of complex, high-dimensional systems is a plus.

  1. Financial Services Technology Risk and IT Regulatory Services

This practice focuses on operational, management and governance aspects of technology risk and providing end-to-end IT regulatory advisory services. This requires relevant industry understanding and prior experience in handling or with regulators would be beneficial.

To qualify, candidates should have:

  • Strong understanding of industry operational and technology risk management processes and underlying technology controls

  • Experience in engaging and managing a variety of stakeholders with an ability to consult and develop remediation options, risk mitigation solutions

  • Understanding of regulatory reporting requirements and underlying technology requirements

  • Practical experience and understanding of technology and business processes in providing related risk assurance and advisory considerations

Who we are

Information technology is one of the key enablers for modern organizations. As one of our information technology risk and assurance professionals, you'll work with clients to improve the competitive advantage of their IT operations by enhancing efficiency and effectiveness. You'll help them create and implement processes to identify risks associated with running their systems and find ways to manage those risks. You can expect to work on some of the biggest external and internal audit engagements in the world and we'll give you the opportunities and support you need to succeed professionally and personally.