Business Risk Services Director

Overview

CLA is a top 10 national professional services firm where our purpose is to create opportunities every day, for our clients, our people, and our communities through industry-focused wealth advisory, digital, audit, tax, consulting, and outsourcing services. Even with more than 8,500 people, 130 U.S. locations, and a global reach, we promise to know you and help you.

CLA is dedicated to building a culture that invites different beliefs and perspectives to the table, so we can truly know and help our clients, communities, and each other.

CLA is looking to grow its family by adding a Business Risk Services Director. The Business Risk Services Director coordinates and interacts with IT general controls assessments, System and Organization Controls (SOC) services, as well as other Business Risk and Risk Management related services (including internal audit, enterprise risk assessments, etc.). Specific engagements will include assessments of business process and information technology/security control design, internal control testing, IT support of financial audits, and service auditor reporting requirements associated with SSAE 18 and HITRUST engagements.

This role builds strong relationships and communicates with external clients and internal clients that are industry specialists or other service teams within CLA.

The below functions reflect the general details of the essential work activities and accountabilities of this position and are not all inclusive. Other activities may be assigned.

• Client Service:
  Identify other CLA services that would help clients. Participates in meetings, and presentations to clients. Ability to deliver high level of client service through positive interactions with clients in multiple industries. Proactively demonstrate curiosity and an open mind to new ideas and concepts; generate innovative ideas and solutions.

• Risk Management:
  
  Assists in the development, execution and completion of risk assessment, examination plan, and other duties as assigned. Facilitates and/or participates in the execution of the technical examination process including definition of examination scope, control evaluation, test activities, reporting, issue resolution, and risk assessment for assigned examination control / objectives. Demonstrate awareness and understanding of client's technical environment and business processes through discussions and review of available information with an emphasis on controls relevant to the business, network, cloud apps, security devices, servers and workstations.
  
  Analyze processes and adequacy of controls related to administration of technical components including logical access, change management, development life cycle, data management, backup and recovery, incident response, vulnerability management, risk assessment, and physical environment. Analyze processes and adequacy of controls related to business processes that support our client's financial reporting information and systems.

• Project Management:
  Balance assigned work and efficiently delegate to associates to meet established deadlines. Project management to coordinate resources necessary to perform control testing, keep engagements on schedule, and help to lead associates through complex areas of the engagements. Communicate status of project including issues that need immediate attention to Manager / Director / Principal. Reports results of tests to engagement Director / Manager / Principal in a timely manner.

• Reporting:
  Communicate draft and final reports and status items in both verbal and written form. Demonstrate abilities to draft reports, present results, and share status with clients, as well as interact and communicate with internal team members.

Experience

• 10 years of relevant experience performing SOC services, internal audit, IT controls assessments, internal audit, and/or Risk Management services.

Education

• Bachelor's degree required. (Combination of education, training, and experience may be considered a degree equivalent)

• Field of accounting, business, or management information systems preferred

• Additional education in Information Systems preferred.

Certifications / Licenses

• Applicable certification of either CPA, CISA, CRMA, or CIA certification or similar (such as HITRUST, CFSA, CISSP, CISM, CGFA) required

• Strong computer and technical skills including Microsoft Office Suite (Outlook, Word, Excel, Powerpoint, etc.) required.

• Experience with networking systems such as Windows, Unix, Mainframe, firewalls, etc. preferred.

• Need to have exposure with various accounting and audit software, such as ERP systems, GL software, financial reporting packages, payroll and timekeeping systems, etc. Familiarity with audit tools such as data analytics, automated/electronic working paper software, risk tools/products, etc. preferred

• Ability to identify and work with database products such as Oracle, SQL Server, and others is preferred.