Technology Risk Senior

As a member of the IT Audit team, you will contribute to IT audit client engagements in Luxembourg and abroad. A significant component of your work will be to support the Financial Audit as a member of integrated audit teams with IT related audit work, including evaluation of a client’s IT environment, testing of IT controls and data analytics. Other areas of services include advisory work in cybersecurity, IT strategy, architecture and optimization, business continuity planning, IT Governance and IT service management, information systems requirements analysis, solution design, implementation support, and technology-related regulatory compliance.

This role offers you the unique opportunity for quick onward career progression while working with a broad range of clients across a number of sectors.

Your responsibilities:

• Take responsibility for the quality of your work, while continually developing your personal skills through learning, experiences and coaching. 
• Serve as a fieldwork leader on financial statement audit support engagements by evaluating clients’ IT control environment and developing solutions.
• Act as a stream leader on business consultancy engagements in the fields of cyber security, risk management, IT and business continuity management.
• Analyse client IT environment, identify risks and evaluate controls.
• Conduct application system analysis of Segregation of Duties (SOD), and Sensitive Access to evaluate whether the roles and privileges assigned to business and IT users cause violations or conflicts in the financial accounting and reporting process.
• Design and implement technical and general computer IT audits, systems development, conversion, and application control reviews, including process and procedure, documentation, control identification, test plan creation and execution, and executive reporting.
• Perform in-depth control assessments, document test requirements, and suggest remediation alternatives where necessary
• Facilitate use of technology-based tools or methodologies to review, design, and/or implement products and services.

Your profile:

• You hold a Master’s degree or equivalent certification in Computer Science, Information Systems, engineering or other appropriate academic majors.
• You have a minimum of 2 years of relevant experience working as an IT-Auditor (internal or external) or 3 years of relevant experience as IT-Consultant.
• You have sound knowledge of and experience in common IT frameworks and standards, such as: ITIL, COBIT, ISO27k, ISO 22301, CMMI, etc.
• You are familiar with the main data protection and governance laws and regulations, i.e. EU GDPR, DORA, NIS2 etc.
• You are CISA certified or willing to become certified within 1 year from the date of hire.
• You have knowledge and experience in IT Risk Management and internal control.
• You have hands-on experience of operating systems, DBMS or networks administration.
• You are fluent in French and English; additional language skills will be considered as an asset.
• You are highly organized and flexible, with the ability to learn quickly and leverage skills in new situations.
• You can anticipate problems and take decisive action, giving regard to the impact on both the client and the company.
• You strive to obtain and share knowledge, ideas and solutions to improve client's business and processes.

It is welcomed for you to have:

• Significant experience in applying relevant technical knowledge in at least one of the following engagements: (a) financial statement audits; (b) internal or operational audits; (c) ISMS implementation/ audit; (d) business continuity management implementation; and/or (e) ERP security and control reviews (Oracle, SAP, MS Dynamics).
• Experience auditing general computer controls and IT control testing of applications, operating systems, and databases. 
• Prior experience in project planning and management will be a plus.
• Additional relevant certifications, such as CISM, CGEIT, CRISC, ITIL, CISSP, CIA, ISO 27001 Lead Auditor/Implementer, ISO22301 Lead Auditor/Implementer, Prince2 or PMP are considered an advantage.