• Anywhere


Dougie McAndrew

Opportunity to join a fast-growing team of IT controls, assurance and risk specialists in a leading Big 4 firm as an IT Risk and Assurance Manager. Based in Edinburgh or Glasgow, you will have the chance to work closely with a portfolio of high profile clients in multiple sectors, helping them manage their technology risks, exploit opportunities and operate effectively. The ongoing training and support given to help develop both your technical and soft skills make this an exceptional career opportunity.

The type of engagements the team work on include:
Assessing clients' IT environments and IT-related business processes that support the financial statements to determine the extent to which reliance can be placed on the internal control environment.
Identifying and remediating control and performance gaps compared to leading practice, helping clients gain stakeholder buy-in, reducing risk, and increasing value and visibility of IT cost.
Assisting organisations in the identification and management of information security risks by assessing the current state, prioritising improvements and conducting projects to reduce risk and improve regulatory compliance.

Key responsibilities include:
Planning, budgeting and delivering engagement for review by ITRA Managers or Senior ManagersGaining an understanding of the clients' IT applications and infrastructure to determine the effectiveness of the control environment through performing and reviewing process walkthroughs.
Reviewing detailed analysis of the control environment to gain assurance over effective operation of controls.
Identifying control weaknesses and any mitigating controls.
Reviewing working papers and supporting evidence in line with internal compliance requirements.
Effectively articulating control findings to key client stakeholders.

We're looking for individuals with experience of a combination of the following areas:
IT Risk, Control and Audit skills across:
– S4/HANA Finance, Oracle, Hyperion, Dynamics, mid-tier accounting packages
– Database systems including DB2, Sybase, RDS, OS/400, Oracle.
– Operating systems including OS/400, Windows, Unix (flavours incl AIX, HPUX, Red Hat, Solaris).
– SOx404 process control mapping (for risks and controls), IT testing, IT test and exception handling documentation, IT risk and control improvement.

The following are also advantageous:
Core GAM competencies (including compulsory training and certification): audit planning, audit documentation (subject to FRC inspection), audit testing incl exception handling, use of GAM, use of Canvas, integration with Audit.
ITPRM skills: Process controls, ITGC controls, SOD controls, migration risks and controls, HYpercare controls, interface controls, IPE controls.
SOCR skills: ISAE3402 frameworks, SSAE16 frameworks, COSO, COBIT, sampling, control descriptions, testing, exception handling, reporting.
Ongoing interactions with CIO, CFO, GFC, CISO, Head of Change, Head of Risk, Head of Audit, Head of Digital.

Full spec available to suitable candidates – please contact us for an informal discussion about this role, including package and background to the vacancy arising.
Adam Appointments is the only Scottish agency specialising exclusively in Corporate Governance recruitment.

Upload your CV or any other relevant file. Max. file size: 100 MB.
Please tick to consent to your data being used in line with the guidance set out in our privacy policy.