Manager - Technology Risk Consulting

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, culture and talent experience and our ability to be compelling to our clients. You'll find an environment that inspires and empowers you to thrive both personally and professionally. There's no one like you and that's why there's nowhere like RSM.

Our Risk Advisory Services Technology Risk Consulting (TRC) professionals serve complex global clients, helping transform their IT risk management and assurance capabilities to align with their organization's key risks and strategic priorities.

We work with large and middle-market clients across a wide variety of industries, developing strong relationships built on a deep understanding of their businesses, challenges, risks, and IT requirements. Our professionals also play a critical role in testing SOX internal audit financial controls, supporting compliance efforts by evaluating the design and operating effectiveness of both IT and business process controls in alignment with regulatory requirements.

Responsibilities:

• Consulting with client leadership on the design and optimization of controls, utilizing a strong knowledge of business processes, financial reporting, accounting, and information technologies, including those relevant to SOX compliance. Creating internal control documentation for engagements, including narratives, process maps, and data flows.
• Performing and managing SOX audits across both IT and business/financial process areas, including risk assessments, control design and testing, and remediation strategies.
• Consulting with client leadership on strategic plans and other business matters, helping clients anticipate emerging risks, including those associated with blockchain, cryptocurrency, and digital assets, as well as new information technology opportunities.
• Managing SOC attestation and other third-party opinion services.
• Supporting external financial statement and SOX compliance engagements for application and IT general controls, while assisting audit and Sarbanes-Oxley teams in identifying financial and IT control objectives and designing effective control procedures.
• Assessing IT security policies, procedures, and controls of clients' business applications, networks, operating systems, and broader technology infrastructure.
• Reviewing, documenting, evaluating, and testing application controls, with a focus on automated and manual controls within ERP systems and other key financial applications across a variety of business processes.
• Identifying and evaluating internal IT controls, assessing their design and operational effectiveness, determining risk exposures, and developing actionable remediation plans. Providing technical and business impact assessments of identified issues and offering practical remediation guidance.
• Clearly communicating findings and actionable recommendations to client stakeholders, including executive leadership, audit committees, and compliance teams.

Required Qualifications:

• Bachelor's degree or equivalent.
• Extensive experience performing SOX audits, with a deep understanding of internal control frameworks, including understanding of both business process and IT general controls.
• Demonstrated experience with service organization control attestation engagements and other security compliance frameworks.
• Demonstrated experience with blockchain, cryptocurrency, and digital assets, including their associated risks and compliance considerations.
• Solid understanding of relevant regulations and industry standards (e.g., FFIEC, SOX, COSO, COBIT, ITIL, ISO 27001, PCI, HIPAA, and GLBA), and the ability to apply these to organizational internal control environments.
• Professional certifications preferred, including Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Privacy Professional (CIPP).

Preferred Qualifications:

• Experience in a widely used financial application (SAP, Oracle, JD Edwards, PeopleSoft, etc.).
• Ability to communicate technical information clearly and effectively (both written and verbal) to audiences at all levels of technical understanding, including senior management.

At RSM, we offer a competitive benefits and compensation package for all our people.We offer flexibility in your schedule, empowering you to balance life's demands, while also maintaining your ability to serve clients.Learn more about our total rewards at https://rsmus.com/careers/working-at-rsm/benefits.

All applicants will receive consideration for employment as RSM does not tolerate discrimination and/or harassment based on race; color; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender; sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the US uniformed service; US Military/Veteran status; pre-disposing genetic characteristics or any other characteristic protected under applicable federal, state or local law.

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership.RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please call us at 800-274-3978 or send us an email at careers@rsmus.com.

RSM does not intend to hire entry level candidates who will require sponsorship now OR in the future (i.e. F-1 visa holders). If you are a recent U.S. college / university graduate possessing 1-2 years of progressive and relevant work experience in a same or similar role to the one for which you are applying, excluding internships, you may be eligible for hire as an experienced associate.

RSM will consider for employment qualified applicants with arrest or conviction records in accordance with the requirements of applicable law, including but not limited to, the California Fair Chance Act, the Los Angeles Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the San Francisco Fair Chance Ordinance. For additional information regarding RSM's background check process, including information about job duties that necessitate the use of one or more types of background checks, click here.

At RSM, an employee's pay at any point in their career is intended to reflect their experiences, performance, and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions including, but not limited to, education, skills, work experience, certifications, location, etc. As such, pay for the successful candidate(s) could fall anywhere within the stated range.