RISK & IT AUDIT ASSOCIATE/SENIOR ASSOCIATE

DEPARTMENT: Business Risk Services
REPORTS TO: Director, Risk Governance & IT Strategy

JOB SUMMARY:
The Risk & IT Audit Associate/Senior Associate will support the execution of risk-based audits focused on IT systems, cybersecurity, data privacy and governance, and operational risk. This role involves evaluating internal controls, identifying vulnerabilities, and recommending improvements to enhance risk management and compliance across client organizations.

DUTIES, RESPONSIBILITIES AND EXPECTATIONS:
A. Audit Execution:

• Assist in planning and conducting IT and risk audits across various clients and industries.
• Evaluate the design and effectiveness of IT general controls (ITGCs), application controls, and cybersecurity environments.
• Perform walkthroughs, testing, and documentation of audit findings.
• Familiarity and use of data analytics tools (e.g., ACL, IDEA, Power BI) to examine and interpret data.
• Evaluate the organization’s incident response and breach notification procedures.
• Test disaster recovery and business continuity plans for resilience against cyber threats.
• Stay updated on emerging risks, technologies, and audit methodologies.

B. Risk Assessment:

• Support enterprise risk assessments and contribute to the development of audit plans.
• Identify and evaluate cybersecurity risks across networks, applications, and cloud environments.
• Identify and assess risks related to information systems, data privacy, and regulatory compliance.
• Review security configurations, vulnerability management, and incident response processes.
• Perform business process reviews, document business processes and workflows to ensure clarity, consistency, and compliance.

C.  Reporting & Communication:

• Prepare clear and concise audit reports with findings, implications, and actionable recommendations.

• Communicate audit results to stakeholders and assist in follow-up reviews to ensure remediation.

D. Compliance & Standards:

• Ensure audits are conducted in accordance with internal policies, industry standards, and regulatory requirements.
• Ensure adherence to data protection laws (e.g., GDPR, CCPA) and internal privacy policies.
• Review data handling practices, encryption standards, and retention policies.

E. Cross Functional Collaboration:

• Work closely with IT, risk management, compliance, and other departments in clients’ businesses to understand processes and controls.
• Participate in cross-functional projects related to risk mitigation and control enhancement.

F. Execute all duties and responsibilities in accordance with the Grant Thornton CLEARR values

• Collaboration - Work collaboratively with team members and practice open, cordial and respectful communication.
• Leadership - Build trust, make a difference and demonstrate leadership in all choices and actions.
• Excellence - Deliver quality output consistent with the Firm’s culture of excellence.
• Agility - Act with agility, clarity and purpose.
• Respect - Demonstrate respect for people, care deeply and listen intently.
• Responsibility - Be aware of the impact of your actions and take responsibility for them always.

G. Meet other general expectations of professional and performance standards

• Adhere to GT professional and performance standards as outlined in the Employee Handbook and Code of Conduct.
• Maintain strict confidentiality.
• Maintain a good working relationship with clients.
• Understand and manage Firm risk on all work assigned.
• Work closely with seniors, managers, and partners, on all phases of the engagement.
• Proactively inform designated senior staff promptly of problems encountered when performing assigned tasks.
• Develop and maintain comprehensive knowledge of professional standards and ethics.
• Maintain required education and knowledge to efficiently perform in the role.
• Participate in training, workshops and seminars as mandated by the Firm.
• Perform other ancillary duties as necessary.