4,557 IT Auditor jobs in India

Job Title: Senior Analyst – IT Risk and Compliance

Location: Chennai

Department: IT Risk & Compliance

Reports To: Manager, IT Risk and Compliance

Job Type: Full-Time

Job Summary

We are seeking a highly motivated and detail-oriented IT Compliance Analyst to join our Risk & Compliance team. The ideal candidate will be responsible for performing comprehensive IT compliance assessments, testing IT general controls and IT Automated controls and ensuring the organization adheres to internal policies and external regulatory requirements, including Sarbanes-Oxley (SOX). This role plays a critical part in maintaining a strong internal control environment and driving process improvement across the organization.

Key Responsibilities

• Assist in planning and scoping IT compliance and internal control assessments.
• Identify risk areas and develop internal control testing programs.
• Perform end-to-end IT compliance assessments, including evaluating effectiveness of risk and control frameworks.
• Test IT General Controls (ITGCs) across domains like change management, logical access, SDLC and IT operations.
• Assess IT Automated Controls across business functions such as payroll, inventory, and revenue.
• Document control walkthroughs using narratives and flowcharts.
• Develop, maintain, and present compliance workpapers and reports highlighting control deficiencies and recommendations.
• Collaborate with management to communicate findings and ensure timely remediation of audit issues.
• Support external audit activities by coordinating information requests and walkthroughs.
• Stay up to date with regulatory and industry developments in IT compliance and risk management.
• Engage in continuous improvement efforts to enhance the efficiency and effectiveness of compliance processes.

Qualifications

• Bachelor's degree in Information Technology, Computer Science etc.
• Professional certification (or working towards) such as CISA, CRISC, CISSP, or CISM preferred.
• 7–10 years of experience in IT audit, compliance, or risk management; minimum 3-5 years in a Big 4 or similar professional services firm preferred.
• Strong understanding of IT infrastructure, applications, and enterprise systems.
• Knowledge of Sarbanes-Oxley (SOX), ITGCs, automated controls, and internal control principles.
• Experience with audit and compliance tools (e.g., eAudit, Auditboard, or equivalent).
• Ability to understand cross-functional business processes and their integration with IT systems.
• Strong interpersonal, communication, and report-writing skills.
• Able to work independently and collaboratively under tight deadlines.
• Demonstrated sound judgment, critical thinking, and attention to detail.

Preferred Skills

• Hands-on experience in documenting business processes and identifying control gaps.
• Ability to present findings to senior stakeholders and recommend practical remediation steps.
• Familiarity with GRC platforms and data analytics tools.
• Understanding of global business practices and regulatory environments.

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focussed and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

Responsibilities

• Perform testing of IT Application Controls/ITAC/Automated controls, IPE, and Interface Controls through code reviews, IT General Controls/ITGC/GITC review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery
• Perform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk & Control Matrix.
• Perform business process walkthrough and controls testing for IT Audits.
• Performing planning and executing audits, including - SOX, Internal Audits, External Audits
• Conducting controls assessment in manual/ automated environment
• Prepare/Review of Policies, Procedures, SOPs
• Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables.
• Demonstrate a thorough understanding of complex information systems and apply it to client situations. Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed.
• Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding project’s progress. Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables.
• Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status.

Qualifications

• MBA/Mtech/MS full time with minimum 3 year experience.
• IT Audit + SAP experience with knowledge of IT governance practices
• Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits
• Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.)
• Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology
• Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage
• Exposure to ERP systems will be added advantage
• Strong project management, communication (written and verbal) and presentation skills
• Knowledge of security measures and auditing practices within various applications, operating systems, and databases.
• Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism
• Preferred Certifications – CISA/CISSP//CISM
• Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage
• Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools

Equal Opportunity Employer KPMG India:

KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Job Title: Senior Analyst – IT Risk and Compliance

Location: Chennai

Department: IT Risk & Compliance

Reports To: Manager, IT Risk and Compliance

Job Type: Full-Time

Job Summary

We are seeking a highly motivated and detail-oriented IT Compliance Analyst to join our Risk & Compliance team. The ideal candidate will be responsible for performing comprehensive IT compliance assessments, testing IT general controls and IT Automated controls and ensuring the organization adheres to internal policies and external regulatory requirements, including Sarbanes-Oxley (SOX). This role plays a critical part in maintaining a strong internal control environment and driving process improvement across the organization.

Key Responsibilities

• Assist in planning and scoping IT compliance and internal control assessments.
• Identify risk areas and develop internal control testing programs.
• Perform end-to-end IT compliance assessments, including evaluating effectiveness of risk and control frameworks.
• Test IT General Controls (ITGCs) across domains like change management, logical access, SDLC and IT operations.
• Assess IT Automated Controls across business functions such as payroll, inventory, and revenue.
• Document control walkthroughs using narratives and flowcharts.
• Develop, maintain, and present compliance workpapers and reports highlighting control deficiencies and recommendations.
• Collaborate with management to communicate findings and ensure timely remediation of audit issues.
• Support external audit activities by coordinating information requests and walkthroughs.
• Stay up to date with regulatory and industry developments in IT compliance and risk management.
• Engage in continuous improvement efforts to enhance the efficiency and effectiveness of compliance processes.

Qualifications

• Bachelor's degree in Information Technology, Computer Science etc.
• Professional certification (or working towards) such as CISA, CRISC, CISSP, or CISM preferred.
• 7–10 years of experience in IT audit, compliance, or risk management; minimum 3-5 years in a Big 4 or similar professional services firm preferred.
• Strong understanding of IT infrastructure, applications, and enterprise systems.
• Knowledge of Sarbanes-Oxley (SOX), ITGCs, automated controls, and internal control principles.
• Experience with audit and compliance tools (e.g., eAudit, Auditboard, or equivalent).
• Ability to understand cross-functional business processes and their integration with IT systems.
• Strong interpersonal, communication, and report-writing skills.
• Able to work independently and collaboratively under tight deadlines.
• Demonstrated sound judgment, critical thinking, and attention to detail.

Preferred Skills

• Hands-on experience in documenting business processes and identifying control gaps.
• Ability to present findings to senior stakeholders and recommend practical remediation steps.
• Familiarity with GRC platforms and data analytics tools.
• Understanding of global business practices and regulatory environments.

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focussed and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

Responsibilities

• Perform testing of IT Application Controls/ITAC/Automated controls, IPE, and Interface Controls through code reviews, IT General Controls/ITGC/GITC review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery
• Perform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk & Control Matrix.
• Perform business process walkthrough and controls testing for IT Audits.
• Performing planning and executing audits, including - SOX, Internal Audits, External Audits
• Conducting controls assessment in manual/ automated environment
• Prepare/Review of Policies, Procedures, SOPs
• Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables.
• Demonstrate a thorough understanding of complex information systems and apply it to client situations. Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed.
• Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding project’s progress. Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables.
• Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status.

Qualifications

• MBA/Mtech/MS full time with minimum 3 year experience.
• IT Audit + SAP experience with knowledge of IT governance practices
• Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits
• Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.)
• Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology
• Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage
• Exposure to ERP systems will be added advantage
• Strong project management, communication (written and verbal) and presentation skills
• Knowledge of security measures and auditing practices within various applications, operating systems, and databases.
• Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism
• Preferred Certifications – CISA/CISSP//CISM
• Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage
• Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools

Equal Opportunity Employer KPMG India:

KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Job SummaryWe are looking for GRC, SOC AUDITOR ConsultantresponsibilitiesDemonstrate proficiency in Schellman MethodologyGuide associates and peersObtain certifications (ISO LA, CISA, CISSP, AWS CCP, etc.)Successfully run a project from fieldwork through completionUnderstand and demonstrate ability to speak to Schellman's service lines at a high level and their leadersDemonstrate proficiency of SOC 1 GITCs and each Security, Availability, Processing Integrity, Confidentiality, and Privacy SOC 2 criteriaDemonstrate understanding of Principal Service Commitments and System Requirements and how they impact scope of a SOC 2Know all four report opinion outcomes and ability to draft modified opinionsDemonstrate ability to identify if exception(s) would potentially yield a qualified opinionDemonstrate self-organization, consistently and proactively look ahead to future projects, and prepare accordingly•Schellman MethodologyRead STMV quarterly, and demonstrate ability to apply concepts (sampling methodology, TA language structure, exception wording, etc.)Review and demonstrate ability to apply concepts of AS 2.0 Reference GuideReview and demonstrate ability to apply concepts of “EWP WP Guidance”Obtain CCSK and begin pursuing second certification (ISO 27001 LA, CISA, AWS CCP)Understand and demonstrate ability to articulate differences between SOC 1 and SOC 2Participate on project as a shadow or assessor for attestation offerings such as HIPAA, AUP, C5, etc.Begin understanding SOC 1 GITCs and each SOC 2 criteria for the Security, Availability, and Confidentiality categoriesAbility to articulate qualified vs unqualified opinion; know all four types of opinionsLearn Schellman's services and service line leadersAdhere to and complete all matters included in the Associate Score CardAccurately manage and report time worked to each project / initiativeComplying with Schellman’s code of ethics and professional conduct, methodologies, policies, and proceduresAdhering to the professional and regulatory standards relevant to assigned service line specialization(s)Promoting Schellman’s company culture and exemplifying Schellman's valuesEstablishing high quality relationships and rapport with client personnelManaging client expectations to ensure expectations are exceededCompleting assigned duties in a timely manner and with a high attention to detailCollaborating with fellow project team members in a productive and timely manner throughout the life cycle of each projectAdhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasksEscalating issues internally in a proper and timely mannerUsing discretion and decorum in the timing, form, and content of all client communicationsBooking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and proceduresPerforming the essential functions of other service delivery positions when qualified and called upon to do soAttending project kick-off and closing meetingsExecuting assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicableDrafting project deliverablesServing as a contact for clients' basic questions regarding an engagementParticipating in recruiting and candidate interview activitiesTraining project team membersAcclimating newer team members to SchellmanContributing to Schellman's practice development effortsDeveloping an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s)Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.)QualificationsBachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified2+ years of related professional services experience in information security auditing, assessment, consulting or compliance, focused on ITGC or SOC controlsAbility to work well independently, within a team and with clients as well as travel ~40-50% (M-Th)Maintains (preferred) or working towards obtaining least one certification relevant to Schellman's services (i.e. CPA, CCSK or CISA)Knowledge, Skills, and Abilities:Working knowledge of Schellman’s services, methodology, and relevant professional standardsRequisite knowledge of applicable technology and security domainsHigh level of attention to detail and quality of work productClient service orientedExcellent time management, organizational, and verbal and written communication skillsAbility to work on-site or remotely as a valuable contributor to a collaborative teamCapable of simultaneously managing assigned tasks for multiple projectsProficient using Microsoft Word, Excel, and Power Point, as well as Schellman’s service delivery applicationsFull understanding and application of ethics, independence and Schellman’s values

Job SummaryWe are looking for GRC, SOC AUDITOR ConsultantresponsibilitiesDemonstrate proficiency in Schellman MethodologyGuide associates and peersObtain certifications (ISO LA, CISA, CISSP, AWS CCP, etc.)Successfully run a project from fieldwork through completionUnderstand and demonstrate ability to speak to Schellman's service lines at a high level and their leadersDemonstrate proficiency of SOC 1 GITCs and each Security, Availability, Processing Integrity, Confidentiality, and Privacy SOC 2 criteriaDemonstrate understanding of Principal Service Commitments and System Requirements and how they impact scope of a SOC 2Know all four report opinion outcomes and ability to draft modified opinionsDemonstrate ability to identify if exception(s) would potentially yield a qualified opinionDemonstrate self-organization, consistently and proactively look ahead to future projects, and prepare accordingly•Schellman MethodologyRead STMV quarterly, and demonstrate ability to apply concepts (sampling methodology, TA language structure, exception wording, etc.)Review and demonstrate ability to apply concepts of AS 2.0 Reference GuideReview and demonstrate ability to apply concepts of “EWP WP Guidance”Obtain CCSK and begin pursuing second certification (ISO 27001 LA, CISA, AWS CCP)Understand and demonstrate ability to articulate differences between SOC 1 and SOC 2Participate on project as a shadow or assessor for attestation offerings such as HIPAA, AUP, C5, etc.Begin understanding SOC 1 GITCs and each SOC 2 criteria for the Security, Availability, and Confidentiality categoriesAbility to articulate qualified vs unqualified opinion; know all four types of opinionsLearn Schellman's services and service line leadersAdhere to and complete all matters included in the Associate Score CardAccurately manage and report time worked to each project / initiativeComplying with Schellman’s code of ethics and professional conduct, methodologies, policies, and proceduresAdhering to the professional and regulatory standards relevant to assigned service line specialization(s)Promoting Schellman’s company culture and exemplifying Schellman's valuesEstablishing high quality relationships and rapport with client personnelManaging client expectations to ensure expectations are exceededCompleting assigned duties in a timely manner and with a high attention to detailCollaborating with fellow project team members in a productive and timely manner throughout the life cycle of each projectAdhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasksEscalating issues internally in a proper and timely mannerUsing discretion and decorum in the timing, form, and content of all client communicationsBooking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and proceduresPerforming the essential functions of other service delivery positions when qualified and called upon to do soAttending project kick-off and closing meetingsExecuting assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicableDrafting project deliverablesServing as a contact for clients' basic questions regarding an engagementParticipating in recruiting and candidate interview activitiesTraining project team membersAcclimating newer team members to SchellmanContributing to Schellman's practice development effortsDeveloping an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s)Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.)QualificationsBachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified2+ years of related professional services experience in information security auditing, assessment, consulting or compliance, focused on ITGC or SOC controlsAbility to work well independently, within a team and with clients as well as travel ~40-50% (M-Th)Maintains (preferred) or working towards obtaining least one certification relevant to Schellman's services (i.e. CPA, CCSK or CISA)Knowledge, Skills, and Abilities:Working knowledge of Schellman’s services, methodology, and relevant professional standardsRequisite knowledge of applicable technology and security domainsHigh level of attention to detail and quality of work productClient service orientedExcellent time management, organizational, and verbal and written communication skillsAbility to work on-site or remotely as a valuable contributor to a collaborative teamCapable of simultaneously managing assigned tasks for multiple projectsProficient using Microsoft Word, Excel, and Power Point, as well as Schellman’s service delivery applicationsFull understanding and application of ethics, independence and Schellman’s values

Job SummaryWe are looking for GRC, SOC AUDITOR ConsultantresponsibilitiesDemonstrate proficiency in Schellman MethodologyGuide associates and peersObtain certifications (ISO LA, CISA, CISSP, AWS CCP, etc.)Successfully run a project from fieldwork through completionUnderstand and demonstrate ability to speak to Schellman's service lines at a high level and their leadersDemonstrate proficiency of SOC 1 GITCs and each Security, Availability, Processing Integrity, Confidentiality, and Privacy SOC 2 criteriaDemonstrate understanding of Principal Service Commitments and System Requirements and how they impact scope of a SOC 2Know all four report opinion outcomes and ability to draft modified opinionsDemonstrate ability to identify if exception(s) would potentially yield a qualified opinionDemonstrate self-organization, consistently and proactively look ahead to future projects, and prepare accordingly•Schellman MethodologyRead STMV quarterly, and demonstrate ability to apply concepts (sampling methodology, TA language structure, exception wording, etc.)Review and demonstrate ability to apply concepts of AS 2.0 Reference GuideReview and demonstrate ability to apply concepts of “EWP WP Guidance”Obtain CCSK and begin pursuing second certification (ISO 27001 LA, CISA, AWS CCP)Understand and demonstrate ability to articulate differences between SOC 1 and SOC 2Participate on project as a shadow or assessor for attestation offerings such as HIPAA, AUP, C5, etc.Begin understanding SOC 1 GITCs and each SOC 2 criteria for the Security, Availability, and Confidentiality categoriesAbility to articulate qualified vs unqualified opinion; know all four types of opinionsLearn Schellman's services and service line leadersAdhere to and complete all matters included in the Associate Score CardAccurately manage and report time worked to each project / initiativeComplying with Schellman’s code of ethics and professional conduct, methodologies, policies, and proceduresAdhering to the professional and regulatory standards relevant to assigned service line specialization(s)Promoting Schellman’s company culture and exemplifying Schellman's valuesEstablishing high quality relationships and rapport with client personnelManaging client expectations to ensure expectations are exceededCompleting assigned duties in a timely manner and with a high attention to detailCollaborating with fellow project team members in a productive and timely manner throughout the life cycle of each projectAdhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasksEscalating issues internally in a proper and timely mannerUsing discretion and decorum in the timing, form, and content of all client communicationsBooking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and proceduresPerforming the essential functions of other service delivery positions when qualified and called upon to do soAttending project kick-off and closing meetingsExecuting assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicableDrafting project deliverablesServing as a contact for clients' basic questions regarding an engagementParticipating in recruiting and candidate interview activitiesTraining project team membersAcclimating newer team members to SchellmanContributing to Schellman's practice development effortsDeveloping an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s)Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.)QualificationsBachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified2+ years of related professional services experience in information security auditing, assessment, consulting or compliance, focused on ITGC or SOC controlsAbility to work well independently, within a team and with clients as well as travel ~40-50% (M-Th)Maintains (preferred) or working towards obtaining least one certification relevant to Schellman's services (i.e. CPA, CCSK or CISA)Knowledge, Skills, and Abilities:Working knowledge of Schellman’s services, methodology, and relevant professional standardsRequisite knowledge of applicable technology and security domainsHigh level of attention to detail and quality of work productClient service orientedExcellent time management, organizational, and verbal and written communication skillsAbility to work on-site or remotely as a valuable contributor to a collaborative teamCapable of simultaneously managing assigned tasks for multiple projectsProficient using Microsoft Word, Excel, and Power Point, as well as Schellman’s service delivery applicationsFull understanding and application of ethics, independence and Schellman’s values

Job SummaryWe are looking for GRC, SOC AUDITOR ConsultantresponsibilitiesDemonstrate proficiency in Schellman MethodologyGuide associates and peersObtain certifications (ISO LA, CISA, CISSP, AWS CCP, etc.)Successfully run a project from fieldwork through completionUnderstand and demonstrate ability to speak to Schellman's service lines at a high level and their leadersDemonstrate proficiency of SOC 1 GITCs and each Security, Availability, Processing Integrity, Confidentiality, and Privacy SOC 2 criteriaDemonstrate understanding of Principal Service Commitments and System Requirements and how they impact scope of a SOC 2Know all four report opinion outcomes and ability to draft modified opinionsDemonstrate ability to identify if exception(s) would potentially yield a qualified opinionDemonstrate self-organization, consistently and proactively look ahead to future projects, and prepare accordingly•Schellman MethodologyRead STMV quarterly, and demonstrate ability to apply concepts (sampling methodology, TA language structure, exception wording, etc.)Review and demonstrate ability to apply concepts of AS 2.0 Reference GuideReview and demonstrate ability to apply concepts of “EWP WP Guidance”Obtain CCSK and begin pursuing second certification (ISO 27001 LA, CISA, AWS CCP)Understand and demonstrate ability to articulate differences between SOC 1 and SOC 2Participate on project as a shadow or assessor for attestation offerings such as HIPAA, AUP, C5, etc.Begin understanding SOC 1 GITCs and each SOC 2 criteria for the Security, Availability, and Confidentiality categoriesAbility to articulate qualified vs unqualified opinion; know all four types of opinionsLearn Schellman's services and service line leadersAdhere to and complete all matters included in the Associate Score CardAccurately manage and report time worked to each project / initiativeComplying with Schellman’s code of ethics and professional conduct, methodologies, policies, and proceduresAdhering to the professional and regulatory standards relevant to assigned service line specialization(s)Promoting Schellman’s company culture and exemplifying Schellman's valuesEstablishing high quality relationships and rapport with client personnelManaging client expectations to ensure expectations are exceededCompleting assigned duties in a timely manner and with a high attention to detailCollaborating with fellow project team members in a productive and timely manner throughout the life cycle of each projectAdhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasksEscalating issues internally in a proper and timely mannerUsing discretion and decorum in the timing, form, and content of all client communicationsBooking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and proceduresPerforming the essential functions of other service delivery positions when qualified and called upon to do soAttending project kick-off and closing meetingsExecuting assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicableDrafting project deliverablesServing as a contact for clients' basic questions regarding an engagementParticipating in recruiting and candidate interview activitiesTraining project team membersAcclimating newer team members to SchellmanContributing to Schellman's practice development effortsDeveloping an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s)Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.)QualificationsBachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified2+ years of related professional services experience in information security auditing, assessment, consulting or compliance, focused on ITGC or SOC controlsAbility to work well independently, within a team and with clients as well as travel ~40-50% (M-Th)Maintains (preferred) or working towards obtaining least one certification relevant to Schellman's services (i.e. CPA, CCSK or CISA)Knowledge, Skills, and Abilities:Working knowledge of Schellman’s services, methodology, and relevant professional standardsRequisite knowledge of applicable technology and security domainsHigh level of attention to detail and quality of work productClient service orientedExcellent time management, organizational, and verbal and written communication skillsAbility to work on-site or remotely as a valuable contributor to a collaborative teamCapable of simultaneously managing assigned tasks for multiple projectsProficient using Microsoft Word, Excel, and Power Point, as well as Schellman’s service delivery applicationsFull understanding and application of ethics, independence and Schellman’s values

Job SummaryWe are looking for GRC, SOC AUDITOR ConsultantresponsibilitiesDemonstrate proficiency in Schellman MethodologyGuide associates and peersObtain certifications (ISO LA, CISA, CISSP, AWS CCP, etc.)Successfully run a project from fieldwork through completionUnderstand and demonstrate ability to speak to Schellman's service lines at a high level and their leadersDemonstrate proficiency of SOC 1 GITCs and each Security, Availability, Processing Integrity, Confidentiality, and Privacy SOC 2 criteriaDemonstrate understanding of Principal Service Commitments and System Requirements and how they impact scope of a SOC 2Know all four report opinion outcomes and ability to draft modified opinionsDemonstrate ability to identify if exception(s) would potentially yield a qualified opinionDemonstrate self-organization, consistently and proactively look ahead to future projects, and prepare accordingly•Schellman MethodologyRead STMV quarterly, and demonstrate ability to apply concepts (sampling methodology, TA language structure, exception wording, etc.)Review and demonstrate ability to apply concepts of AS 2.0 Reference GuideReview and demonstrate ability to apply concepts of “EWP WP Guidance”Obtain CCSK and begin pursuing second certification (ISO 27001 LA, CISA, AWS CCP)Understand and demonstrate ability to articulate differences between SOC 1 and SOC 2Participate on project as a shadow or assessor for attestation offerings such as HIPAA, AUP, C5, etc.Begin understanding SOC 1 GITCs and each SOC 2 criteria for the Security, Availability, and Confidentiality categoriesAbility to articulate qualified vs unqualified opinion; know all four types of opinionsLearn Schellman's services and service line leadersAdhere to and complete all matters included in the Associate Score CardAccurately manage and report time worked to each project / initiativeComplying with Schellman’s code of ethics and professional conduct, methodologies, policies, and proceduresAdhering to the professional and regulatory standards relevant to assigned service line specialization(s)Promoting Schellman’s company culture and exemplifying Schellman's valuesEstablishing high quality relationships and rapport with client personnelManaging client expectations to ensure expectations are exceededCompleting assigned duties in a timely manner and with a high attention to detailCollaborating with fellow project team members in a productive and timely manner throughout the life cycle of each projectAdhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasksEscalating issues internally in a proper and timely mannerUsing discretion and decorum in the timing, form, and content of all client communicationsBooking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and proceduresPerforming the essential functions of other service delivery positions when qualified and called upon to do soAttending project kick-off and closing meetingsExecuting assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicableDrafting project deliverablesServing as a contact for clients' basic questions regarding an engagementParticipating in recruiting and candidate interview activitiesTraining project team membersAcclimating newer team members to SchellmanContributing to Schellman's practice development effortsDeveloping an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s)Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.)QualificationsBachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified2+ years of related professional services experience in information security auditing, assessment, consulting or compliance, focused on ITGC or SOC controlsAbility to work well independently, within a team and with clients as well as travel ~40-50% (M-Th)Maintains (preferred) or working towards obtaining least one certification relevant to Schellman's services (i.e. CPA, CCSK or CISA)Knowledge, Skills, and Abilities:Working knowledge of Schellman’s services, methodology, and relevant professional standardsRequisite knowledge of applicable technology and security domainsHigh level of attention to detail and quality of work productClient service orientedExcellent time management, organizational, and verbal and written communication skillsAbility to work on-site or remotely as a valuable contributor to a collaborative teamCapable of simultaneously managing assigned tasks for multiple projectsProficient using Microsoft Word, Excel, and Power Point, as well as Schellman’s service delivery applicationsFull understanding and application of ethics, independence and Schellman’s values