Senior Risk Advisory Associate
Risk Advisory Senior Associate
About the team
Who We Are
Eide Bailly is one of the top 25 CPA and business advisory firms in the nation. We have over 40 offices in 15 states across the Midwest and western United States and offer our staff and Partners the opportunity to serve a variety of industries. Founded in 1917, our culture is the foundation of who we are, and we pride ourselves on supporting our employees to help them achieve their goals and pursue their interests both in the office and at home. At Eide Bailly we are passionate about the clients we serve, the work we do, and most importantly, having fun while we do it!
Why You'll Love Working Here
At Eide Bailly we believe respect is how to treat everyone, not just those you want to impress. Our culture focuses on collaboration to achieve career growth. We promote happy employees by making work/life balance a priority along with being actively involved in our communities. Our dedication to service can be seen through the Firm's decision to match charitable donations made by employees, as well as providing opportunities to volunteer throughout the year. We support living healthier lives with perks like a Wellness Benefit to be spent on fitness-related purchases each year. Most importantly, we like to have fun! We offer a professional and fun work environment with frequent lunch and learns, socials, contests, outings and other events.
Job you will do
Typical Day in the Life
As a Risk Advisory Services Senior Associate, you are responsible for ensuring value-added services are provided to our clients. You will also work with their audit engagement team to ensure the various components of the audit engagement are performed - including gathering information from the client, and reviewing and compiling client financial data.
- Conduct information technology and security audits, SOC engagements, IT controls review engagements, FISMA, FedRAMP, ISO 2700 and PCI readiness assessments.
- Provide technology reviews and gap analyses.
- Conduct Information Technology audits consisting of general computer, technical, physical and administrative controls around Information Technology.
- Examine effectiveness of internal control structures and procedures in place, identifying and outlining regulatory guidelines that need to be implemented.
- Manage client relationships with integrity by monitoring client needs and building value into professional service.
- Identify areas of non-compliance, operational weaknesses, inefficiencies and issues by performing the following:
- Capitalize on personal and professional experiences in order to develop business and practice lines.
- Actively seek and provide feedback in order to develop the Risk Advisory Services practice.
- Assess compliance with information technology controls.
- Conduct business impact analysis and risk assessments to develop, test and implement a Business Continuity Plan and Information Security Program for clients.
- Assess security of client networks, hosts and applications.
- Perform technology risk assessments and review, document, evaluate and test general computer controls including access controls, change management, security, backup controls and operation controls, in a wide range of computing environments (e.g. mainframe, mid-range and client/server) for financial audit support and Sarbanes-Oxley 404 work.
- Review, document, evaluate and test application controls, particularly automated controls, on a wide range of software application packages for financial reporting.
- Assist financial audit and Sarbanes-Oxley compliance teams in the identification of control objectives and the design of control procedures to address those objectives.
- Identify internal IT controls, assess their design and operational effectiveness, determine risk exposures and develop remediation plans.
- Communicate findings and recommendations to client personnel.
- Determine technical and business impact of identified security issues and provide remediation guidance to clients.
- Review system configurations and device configurations using manual and automated techniques.
- Measure and report clients' compliance with established industry or government requirements.
Who You Are
In the Risk Advisory Services Senior Associate role, you will need to be familiar with the overall audit process. To be successful in this role, you will need excellent communication skills as well as the ability to effectively interact with all levels of Firm management, staff and clients.
- Bachelor's degree in Computer Science, Business, Finance or Information Technology required.
- 2-6 years of experience in IT Audit, IT Security, Information Risk Management, IT Governance or other IT compliance-related work. Consulting experience with a CPA firm or government agency is preferred, as is previous experience working in the internal audit function.
- Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional® (CISSP®) preferred.
- Expertise in IT internal controls and their applicability with regards to financial reporting and information systems support processes.
- Experience with FISMA and/or FedRAMP and applying or assessing NIST SP 800-53 preferred.
- Understanding of relevant regulations and industry standards (e.g. SOX, COSO, COBIT, FFIEC, ITIL, ISO27001, PCI, HIPAA and GLBA) and best practices and methodologies to address these requirements. Ability to apply these requirements to organizational internal control frameworks.
- Excellent written and oral communications skills.
- Strong time management and organizational skills.
- Great attitude and strong work ethic.
- Ability to travel, especially regionally.
Must be authorized to work in the United States permanently without the requirement of sponsorship at any point in the future.
What to Expect Next
We'll be in touch! If you look like the right fit for our position, one of our recruiters will be reaching out to schedule a phone interview with you to learn more about your career interests and goals.