IT Risk Senior Associate (IT SOX & IT Internal Audit Senior Associate)

Job description

As an IT Risk Senior Associate, you will get the opportunity to grow and contribute to our clients' business needs by helping them understand their business risks and assist in addressing risk in both proactive and responsive contexts for the Risk, Compliance & Controls Practice – all with the resources, environment, and support to help you excel.

You’ll collaborate with teams to execute and report on risk management, internal control and internal audit engagements that develop, assess, or improve the design and operating effectiveness of IT risk management and internal control activities.



From day one, you’ll be empowered by the greater Risk team to help clients make the moves that will help them achieve their vision and help you achieve more, confidently.





Your day-to-day may include:




+ Actively participate in client engagements from start to completion, with a focus on executing and reporting on assigned project tasks that include co-sourced and outsourced IT internal audit, IT internal control assessments, IT risk management program assessments, tests of IT control design and operating effectiveness for Sarbanes-Oxley (SOX) and other compliance requirements, and helping clients design and implement IT controls

+ Obtain an understanding of clients’ industry, objectives, strategy, operations, processes, IT systems, and controls

+ Execute IT control design and operating effectiveness test procedures based on engagement scope, and client environment risk factors

+ Bring an innovative and analytical mindset to help our clients solve business issues and enable more efficient project execution

+ Work with the project team and client to deliver services in accordance with project leadership and client expectations

+ Work collaboratively with colleagues across Advisory Business Lines (ABLs) and with other Grant Thornton Service Lines (e.g., Audit Services and Tax Services)

+ Meet or exceed defined performance metrics

+ Other duties as assigned




You have the following technical skills and qualifications:




+ Bachelor’s degree in Accounting, Finance, Information Technology, MIS, or a related field is required

+ Minimum 2 years of related work experience with a professional services firm, or part of an internal audit function

+ CISA, CISSP, CISM, CPA license/certification preferred

+ Understanding of IT risk management and cybersecurity risk management standards (COBIT, NIST CSF, etc.)

+ Experience in assessing the design and operating effectiveness of IT risk management and IT controls (IT general controls, application controls, etc.) for Internal Audit, SOX compliance, or other risk management activities

+ Experience assessing configuration and controls of ERP systems (SAP, Oracle, PeopleSoft, JD Edwards) a plus

+ Experience assessing configuration and controls of SAP ECC, S/4 HANA, etc.

(BASIS and security administration, process controls, etc.) a plus

+ Strong understanding of IT general controls, and current focus areas of external financial statement auditors

+ Experience assessing GRC and Identity and Access Management (IAM) solutions a plus

+ Experience assessing at least one (preferably multiple) operating system (OS/400, Windows, UNIX, etc.), database system (Oracle, SQL, etc.), and IT infrastructure / network component (domain controllers, firewalls, routers, intrusion prevention / detection solutions, etc.)

+ Experience with ACL, IDEA, QlikView, QlikSense, Tableau, Spotfire, or other analytics and visualization solutions

+ Ability to execute multiple engagements and completing priorities in a rapidly growing team environment

+ Exceptional client service, communication, analytical, organizational and project management skills

+ Strong computer skills, including proficiency in Microsoft Visio and Office Suite applications

+ Can travel as needed



#ITRisk




About Us
At Grant Thornton, we believe in making business more personal and building trust into every result – for our clients and you.

Here, we go beyond your expectations of a career in professional services by offering a career path with more: more opportunity, more flexibility, and more support.

It’s what makes us different, and we think being different makes us better.



In the U.S., Grant Thornton delivers professional services through two specialized entities: Grant Thornton LLP, a licensed, certified public accounting (CPA) firm that provides audit and assurance services ― and Grant Thornton Advisors LLC (not a licensed CPA firm), which exclusively provides non-attest offerings, including tax and advisory services.

In 2025, Grant Thornton formed a multinational, multidisciplinary platform with Grant Thornton Ireland.

The platform offers a premier Trans-Atlantic advisory and tax practice, as well as independent American and Irish audit practices.

With $2.7 billion in revenues and more than 50 offices spanning the U.S., Ireland and other territories, the platform delivers a singular client experience that includes enhanced solutions and capabilities, backed by powerful technologies and a roster of 12,000 quality-driven professionals enjoying exceptional career-growth opportunities and a distinctive cross-border culture.

Grant Thornton is part of the Grant Thornton International Limited network, which provides access to its member firms in more than 150 global markets.
About the Team

Required Skill Profession

Other General