About this Aprio PH - Senior Associate, Information Assurance Services (SOC) role at Aprio
Join Aprio's Information Assurance Services team within Risk Advisory and Assurance Services (RAAS) and gain experience and understanding of IT Audit, Cyber Threats and Cybersecurity, and Service Organization Control (SOC) Reporting. Aprio is a progressive, fast-growing firm looking for new colleagues to join their dynamic team as a Senior Associate, Information Assurance Services.
Position Responsibilities:
Aprio’s Information Assurance Services (IAS) practice supports the delivery of attestation and consulting services for multiple clients in data and tech-based industries such as credit reporting and analytics, payment card services, healthcare IT, and cloud services. The business model and methodologies are focused on risk management and adding value to clients in all services provided. Aprio’s IAS group utilizes sound business practices and technical expertise (rather than working off checklists) to enable clients to identify, mitigate, and monitor the most technical risks associated with their technology use.
Client Services:
- Planning and leading client meetings, walk-through reviews of clients control procedures and processes; delivery and presentation of client deliverables
- Developing and leading the performance of, testing of clients’ security, privacy and other information risk management related controls
- Directing the execution of testing of clients’ internal controls, testing of clients’ internal controls and review of internal control testing executed by other team members
- Supporting clients in problem identification and resolution
- Performing assessments and testing against leading information security and privacy standards and frameworks, including ISO 27001, Trust Services Criteria, PCI DSS, NIST CSF, GDPR, HITRUST and others
- Leading and supporting preparation of client reporting deliverables; e.g., gap and risk assessments, SOC reporting, GDPR assessments, ISO 27001 certifications, etc.
- Collaborating with other team members to streamline internal processes and procedures to improve client service and efficiencies
- Participate in meetings with new prospects and/or new service opportunities with existing clients
- Support preparation of sales proposals
- Interviewing potential candidates
- Being a mentor and/or coach to other team members
- Support in the development and delivery of training
Practice Development:
Sales and Marketing:
Team Building:
Qualifications Needed:
- Amenable to work Night-shift (8:00 PM – 5:00 AM PHT)
- Work Set-up: Remote
- One or more industry relevant certifications or wiliness to obtain relevant certification(s) within two years of employment. Certifications can include: CISA, CRISC, CIPP, CISSP, CISM, QSA, ISO/IEC 27001, or PCI ISA.
- Undergraduate Degree (required): preferably in MIS/IS or related concentration – minimum 3.3 GPA
Graduate Degree (preferred): preferably in MIS, IS or Accounting Information Systems
Relevant work experience (2-4 years)
Strong communication skills; verbal and written, with the ability to produce excellent written reports and audit documentation - Commitment to continual learning and development
- Commitment to exceptional client service and creative problem-solving ability with a consultancy mindset
- Flexible, self-starter with the ability to interact with various levels of client and firm management
- Understanding of information technology risks and internal controls
- Ability to write test procedures and execute tests of controls
- Understanding of Service Organization Control, PCI, ISO, HITRUST and/or similar information technology control frameworks
- Ability to manage personal schedule and to lead multiple projects, tasks and deadlines
- Service Organization Control (SOC) Reporting (e.g., SOC 1 and SOC 2)
- Payment Card Industry Data Security Standard (PCI DSS)
- ISO Standards (e.g., ISO 27001/27002, 22301
- GDPR
- HITRUST
- Risk Assessments
- Risk Management
- Cyber Threats and Cybersecurity
- Agreed Upon Procedures
- Internal Audit Co-Sourcing
- EI3PA
Education/Experience
Project and focus areas within the Information Assurance Services practice include: