Senior Associate – Risk Assurance_Beijing

  • negotiable
  • Beijing, Beijing Shi, China
  • Permanent, Full time
  • PricewaterhouseCoopers Zhong Tian LLP
  • 15 Feb 17

PwC - Mainland China, Hong Kong and Macau

PwC China, Hong Kong and Macau work together on a collaborative basis, subject to local applicable laws. Collectively, we have around 520 partners and a strength of around 12,100 people, providing organisations with the professional service they need, wherever they may be located. Our highly qualified, experienced professionals listen to different points of view to help organisations solve their business issues and identify and maximise the opportunities they seek. Our industry specialisation allows us to help co-create solutions with our clients for their sector of interest.

About Risk Assurance

Business today is increasingly complex – from the way organisations are managed and structured, through increasing integration with business partners and service providers, to the ever greater levels of reliance placed on underlying information systems and business processes. In addition, new regulations – domestic and international – are placing a greater emphasis on the effectiveness of internal controls, and this often requires independent assurance. You will provide value-added insights that help to improve system and business control effectiveness across various organizations.

 

The firm provides a wide range of services to help organisations solve business issues, identify and maximise opportunities. Our industry specialisation enables us to identify trends and customise solutions for each sector of interest. Each line of service is staffed with highly qualified, experienced professionals and leaders in our profession. These resources, combined with our global network, allow us to provide the support needed wherever we may be located.

Job Description & Responsibilities

 

We are currently looking for individuals with strong information security, technology risk, IT strategy and governance background.

Key responsibilities include:

  • designing, assessing and implementing technology risk and information security management framework, policies, standards, procedures and solutions such as Enterprise-wide Identity & Access Management (I&AM), Data Loss Prevention (DLP) and Security Information & Event Management (SIEM) solutions, using ISO27001, ISO20000 and COBIT as the internationally recognised information security and IT service management standards,
  • analysing complex client server systems and multi-platform infrastructure and application systems (including operating system, database, web server, firewall and router, electronic trading / banking systems, etc.),
  • providing assurance over the operations and approach of management service providers in any outsourcing of the IT function, and
  • establishing risk governance recommendations on emerging policies to support development of new procedures and methodologies to minimise risks.

You will be expected to take a consultant's approach to the attest / assurance process of a client's operations utilising our practice methodology to assess our client's operations. You will be responsible for conveying pragmatic solutions to our client's complex business problems through the use of written reports and presentations. The opportunity will be available for you to develop your responsibility in supervising, coaching, developing and leading teams and individual team members.

Requirements

 

  • University degree majoring in accounting, business administration, information systems, computer science, engineering and / or statistics;
  • Professional qualifications: CISA, CISM, CISSP, CEH, CISP or other security related qualifications;
  • Minimum of 3 years system design / implementation and / or security assessment / IT audit experience with a reputable professional / consulting firm or multi-national corporations (candidates with fewer years of experience will be considered for Senior Associate or Associate positions);
  • Practical experience and working knowledge in two or more of the following - business & system processes review, IT auditing, information security management, IT / technology risk management, design and implementation of security solutions such as I&AM, DLP and SIEM, network and system penetration testing, application security testing and code review;
  • Familiar with security and control for technologies / enterprise applications: Unix, Windows, Firewall, Routers, SAP, Oracle, Hyperion and / or evaluating and implementing information security management, IT service management and IT governance framework using ISO27001, ISO20000, ITIL and COBIT respectively;
  • Strong fluency in information technology general controls concepts in the areas of systems development, change management, computer operations and access to programs and data; ability to identify and assess business process controls and linkage to IT systems;
  • Familiar with security and control for technologies: Unix, Windows, database, Firewall, Router, mobile technologies (e.g., iOS, Android), etc.;
  • Excellent communication skills in both oral and written English and Chinese;
  • Flexible, self-starter possessing intellectual curiosity;
  • Ability to interact with executive levels of client and firm management;
  • Effective project management, interpersonal and influencing skills are essential; and
  • Flexibility to travel to out-of-town engagements.

 
