Senior Associate, IT Internal Audit

The KPMG Advisory practice is at the forefront of transformation, offering excellent opportunities for individuals to advance their careers and expertise with KPMG. Looking ahead, we anticipate continued evolution and success within the practice, fostering both personal and professional development, thereby creating new pathways for growth. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture.

At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility, and leading market tools, we help our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Advisory.

KPMG is currently seeking a Senior Associate, IT Internal Audit to join our Internal Audit & Controls practice.

Responsibilities :

* Design, coordinate, and oversee the day-to-day activities related to client engagements in one or more areas such as, Information Technology (IT) strategy and transformation programs, agile software development/Dev Ops, business continuity and disaster recovery, cybersecurity, cloud providers and other third parties; data management/governance, emerging technology such as AI, automation (robotics, cognitive, and more), and projects,General IT controls (GITCs) and application controls testing, and regulatory/compliance requirements such as Sarbanes Oxley (SOX), FedRAMP and Payment Card Industry (PCI)
Review clients' IT traditional and agile processes as well as tools for security, resiliency and Dev Ops controls against leading practice, industry, or client frameworks; assess capability maturity, identify gaps in design and execution of the controls, as well as communicate issues and recommendations to senior management

* Work with client senior management to design, and implement new IT risk and control frameworks, sustainable solutions (including, applying knowledge of governance, risk and security tools), operating processes and people models to address key and evolving risks, as necessary

* Complete comprehensive executive summarie, final reports, and deliver to client senior managemen; document and review engagement work papers in accordance with KPMG requirements as well as common industry practice for internal audit and risk consulting client engagements

Lead efforts in developing and contributing content to related KPMG knowledge bases and internal practice development initiatives, including but not limited to research, thought leadership, marketing collateral, and share forums/peer exchange materials

Qualifications :

* Minimum three years of recent experience working within IT risk (first line or second line of defense), cybersecurity, internal audit or IT compliance function as an internal employee; similar role as part of a professional services firm

* Bachelor's degree from an accredit ted college/university in an appropriate field; CISA, CISM, CISSP, CRISC or similar certifications preferred;

* Master's degree from an accredited college/university preferred; one or more enterprise technology vendor certifications from IBM, Oracle, Microsoft, Google, AWS, Service Now, Git Hub, Artifactory, Atlassian, or Git Lab preferred

* Prior knowledge leading and executing IT risk consulting, IT process re-engineering, IT audit, and IT internal controls engagements, leveraging IT governance and control frameworks such as Control Objectives for Information and Related Technologies (COBIT), NIST Cybersecurity framework (CSF), NIST 800-53, IIA GTAG, Cloud Security Alliance, Capability Maturity Model Integration (CMMI), and Information Technology Infrastructure Library (ITIL) and proficiency in core requirements and methodologies for Sarbanes-Oxley (SOX) internal control programs

* Experience with IT risk management operating models, three lines-of-defense frameworks, integrated…