Business Risk Services Director

The Business Risk Services Director coordinates and interacts with IT general controls assessments, System and Organization Controls (SOC) services, as well as other Business Risk and Risk Management related services (including internal audit, enterprise risk assessments, etc.). Specific engagements will include assessments of business process and information technology/security control design, internal control testing, IT support of financial audits, and service auditor reporting requirements associated with SSAE 18 and HITRUST engagements. This role builds strong relationship and communicates with external clients and internal clients that are industry specialists or other service teams within CLA.

*Client Service: Identify other CLA services that would help clients. Participates in meetings, and presentations to clients. Ability to deliver high level of client service through positive interactions with clients in multiple industries. Proactively demonstrate curiosity and an open mind to new ideas and concepts; generate innovative ideas and solutions.

*Risk Management: Assists in the development, execution and completion of risk assessment, examination plan, and other duties as assigned. Facilitates and/or participates in the execution of the technical examination process including definition of examination scope, control evaluation, test activities, reporting, issue resolution, and risk assessment for assigned examination control / objectives. Demonstrate awareness and understanding of client's technical environment and business processes through discussions and review of available information with an emphasis on controls relevant to the business, network, cloud apps, security devices, servers and workstations. Analyze processes and adequacy of controls related to administration of technical components including logical access, change management, development life cycle, data management, backup and recovery, incident response, vulnerability management, risk assessment, and physical environment. Analyze processes and adequacy of controls related to business processes that support our client's financial reporting information and systems.

*Project Management: Balance assigned work and efficiently delegate to associates to meet established deadlines. Project management to coordinate resources necessary to perform control testing, keep engagements on schedule, and help to lead associates through complex areas of the engagements. Communicate status of project including issues that need immediate attention to Manager / Director / Principal. Reports results of tests to engagement Director / Manager / Principal in a timely manner.

*Reporting: Communicate draft and final reports and status items in both verbal and written form. Demonstrate abilities to draft reports, present results, and share status with clients, as well as interact and communicate with internal team members.

Experience

* 10 years of relevant experience performing SOC services, internal audit, IT controls assessments, internal audit, and/or Risk Management services.

Strong computer and technical skills including Microsoft Office Suite (Outlook, Word, Excel, Powerpoint, etc.) required.

Experience with networking systems such as Windows, Unix, Mainframe, firewalls, etc. preferred.

Need to have exposure with various accounting and audit software, such as ERP systems, GL software, financial reporting packages, payroll and timekeeping systems, etc. Familiarity with audit tools such as data analytics, automated/electronic working paper software, risk tools/products, etc. preferred

Ability to identify and work with database products such as Oracle, SQL Server, and others is preferred.

The Business Risk Services Director reports to and may receive work direction from Principals on both the service and industry teams. S/he works with a variety of Associates, Managers, Directors and Principals on assigned projects. S/he is involved in multiple client engagements that include a variety of different reporting relationships and expectations. S/he may be in a position to delegate work to Associates or Seniors. S/he acts as in professional and career development mentor capacity for Associates and Seniors. Other roles involved include assistance with billing, proposal/service presentations, project management, and client communications.