LTT RAS - Controls Manager
About the role
London Top-Tier provides assurance and specialist advisory services to many of the UK's most successful non-financial sector corporates including delivering the audits of FTSE 100 clients, with a number of these clients also US listed and subject to compliance with the Sarbanes-Oxley Act. As the largest of the UK Assurance business units we are at the forefront and the source of many of the global networks initiatives offering our people unrivalled opportunities to contribute to the shape of our future business.
LTT's Risk Assurance practice is home to specialists in all aspects of management and control from Corporate Governance and the assessment of entity level risk to the design of business processes, IT systems, supporting IT infrastructure and the governance of projects. Our people specializing in Controls Assurance are charged with integrating these skills into our largest financial audits and consulting projects in addition to creating solutions directly for our clients. Our client environments are constantly changing as emerging technologies are introduced, adding new dimensions to our work.
The LTT Controls Assurance team is the global lead on many of our international assignments, giving our people exposure to teams across the PwC network. This gives members of the team the ability to share knowledge and develop in a very challenging and exciting environment.
Amount of time office based: 60%
Amount of time at client sites: 40%
Need to travel/overnight stays away from home: Yes - dependant upon projects and portfolio
Opportunity for flexible working?: Yes
Opportunity for working from home?: minimal but depends on projects
Opportunity for job sharing?: No
You will be responsible for the following:
- IT risk assessment and IT general controls experience including planning, delivering and reviewing a diverse range of assignments.
- Understanding of Control Frameworks e.g. COSO, COBIT.
- Strong understanding of Sarbanes-Oxley (SOX) framework and compliance.
- Managing project team on a range of complex engagements, including:
- assessment or design of IT General controls across the four domains: access to programs and data, computer operations, program development and program changes.
- security assessment at the three layers of security:
- application security (through standard access test and segregation of duties review).
- operating system security.
- database security.
- provision of specialist IT audit support to financial audit team on statutory engagements and advising on impacts to financial risk
- assessment and/or designing risk and control matrix for client as part IT internal audit.
- IT Risk assessments for key operations, major system changes, outsourcing projects, cloud implementations, Cybersecurity, etc. and IT Function Assessments against better practice frameworks (e.g. ITIL)
- impact assessment of IT General controls on key financial processes (incl. procure to pay, order to cash, period end financial close, inventory management, cash management, payroll)
- The direction of scoping, planning and delivery of engagements and discussing findings and reporting to our clients.
- Facilitating trainings, coaching and mentoring junior staff.
You will apply a client centric approach and demonstrate strong critical thinking skills. It is essential that the applicant has the following key skills and experience:
- Sound experience in IT Risk assessment and Audit or Advisory, and an understanding of current technology trends.
- Sound experience in assessing IT General Controls across multiple ERP/Non-ERP applications and supporting infrastructure (Operating systems [UNIX, Windows, OS/400 or IBMi] and Databases [Oracle, SQL, DB2]).
- Sound experience in assessing and/or designing risk and control matrix for client as part IT internal audit activities.
- Strong understanding of key business processes, and the associated risks and controls
- Strong organizational skills and demonstrated ability to manage competing priorities
- Excellent written and verbal communication skills
- CISA qualification will be highly regarded as will experience in a professional services environment.
- Exceptional client service skills - Ability to build and maintain client relationships
- Data analytics / CAATs experience preferred, but not essential
- Knowledge of an ERP (SAP/Oracle) would be preferable.