At McGladrey, the IT audit security consultants work with large and small companies in various industries. They develop strong working relationships with clients built on understanding their businesses and challenges. Consultants work on multiple team engagements each year, including several pieces of any particular assignment-not just one part. Working in a mutually respectful team environment helps our consultants perform at their best and integrate their career with their personal life.
Senior IT audit security consultants provide quality services to clients by focusing on the IT controls and security of their clients. You will use your strong analytical skills to develop quality solutions to meet client requirements. Examples of specific assignments could include:
- Performing and coordinating technical security assessments including, PCI reviews, internal and external vulnerability assessments, attack and penetration studies, eCommerce reviews, and other technical audits
- Assess security of client networks, hosts, and applications
- Coordinating the testing and analysis of web applications and web services (SOAP, WSDL, UDDI)
- Performing technology risk assessments and reviewing, documenting, evaluating and testing general computer controls including access controls, change management, security, backup controls and operation controls, in a wide range of computing environments (e.g., mainframe, mid-range and client/server), for financial audit support and Sarbanes-Oxley 404 work.
- Reviewing, documenting, evaluating and testing application controls, particularly automated controls on a wide range of software application packages for financial reporting.
- Assisting financial audit and Sarbanes-Oxley compliance teams in the identification of control objectives and the design of control procedures to address those objectives.
- Identifying internal IT controls, assessing their design and operational effectiveness, determining risk exposures and developing remediation plans.
- Communicating findings and recommendations to client personnel.
- Determine technical and business impact of identified security issues and provide remediation guidance to clients
- Review application code, system configurations and device configurations using manual and automated techniques
- Measure and report clients' compliance with established industry or government requirements
- Bachelor's degree or equivalent
- Five + years experience in IT Audit, IT Security, Information Risk Management, IT Governance or other IT Compliance related work. Prior responsibilities should include performing in-depth technical IT risk assessments and vulnerability analyses, recommending, designing and advising on applicable IT controls, as well as regulatory and compliance reviews
- Expertise in IT internal controls and their applicability with regards to financial reporting and information systems support processes
- Good understanding of relevant regulations and industry standards (e.g., SOX, COSO, COBIT, FFIEC, ITIL, ISO27001, PCI, HIPAA and GLBA) and best practices and methodologies to address these requirements. Ability to apply these requirements to organizational internal control frameworks
- Professional certifications including Certified Ethical Hacker (CEH), Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®) and Certified Information Security Manager® (CISM®); Certified Information Privacy Professional (CIPP)
- Excellent written and oral communications skills
- Strong time management and organizational skills
- Great attitude and strong work ethic
- Ability to travel, especially regionally
- Experience in Banking/financial services environment
- Experience with and knowledge of privacy laws and regulations
- Technically knowledgeable in cross-platform system security - particularly with regards to operating systems, databases, networking and transactional processing environments
- Significant background in IT auditing, technical risk/vulnerability assessments and information systems activity monitoring (ideally with some experience running automated analytical tools).
- Proficiency with a variety of operating systems including Windows, UNIX and LINUX
- Proficiency with commercial and open source database management systems (MySQL, MS-SQL, Oracle)
- Practical hands-on or lab experience with IT infrastructure components such as servers, firewalls, IDS systems and other network infrastructure components
- Practical hands-on or lab experience with security tools, such as a IBM Security AppScan or Tenable Nessus Vulnerability Scanner, or other commercial and public domain tools
- Configuration and security experience with web servers and web applications (Apache HTTP/Tomcat, Microsoft IIS, Sun One, Oracle iPlanet, IBM WebSphere, etc.)
- Familiar with security testing techniques such as network discovery, port and service identification, vulnerability scanning, network sniffing, fuzzing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing and password cracking
- Experience with ERP systems such as SAP, Oracle, PeopleSoft, JDE and MS Dynamix AX
You-re one of a kind. So is McGladrey. Imagine what we will achieve together.
You want your next step to be the right one. You've worked hard to get where you are today. And now you're ready to use your unique skills, talents and personality to achieve great things. McGladrey is a place where you are valued as an individual, mentored as a future leader, and recognized for your accomplishments and potential. Working directly with clients, key decision makers and business owners across various industries and geographies, you'll move quickly along the learning curve and our clients will benefit from your fresh perspective.
Experience McGladrey. Experience the power of being understood. -
McGladrey is an equal opportunity/affirmative action employer. Minorities/Females/Disabled/Veterans.
Location Street Address : 13355 Noel Road, One Galleria Tower, 8th Flr
City : Dallas
State : TX
Region : Central Region
Position Type : Full Time
Job Type : Experienced
Degree Required : Bachelor
Travel Required : Yes
Relocation Eligible : Yes
Sponsor candidates who are not eligible to work in US: No
Requisition ID : SPMC9608
Business Unit: Central Region
Date: Sat, 29 03 2014 00:00:00 GMT