IT Controls Associate
Kaav Inc. - Chicago, IL
Job Description

Location: 100% Remote
Duration: Contract - 6 months with potential to extend

Overview:
Grant Thornton is looking to hire a team of IT Controls Associates to support upcoming client initiatives. These Associates will actively participate in client engagements from start to completion, with a focus on executing and reporting on assigned project tasks. This includes co-sourced and outsourced IT internal audit, IT internal control assessments, IT risk management program assessments, tests of IT control design and operating effectiveness for Sarbanes-Oxley (SOX) and other compliance requirements, and helping clients design and implement IT controls.

Responsibilities:
- Obtain an understanding of clients' industry, objectives, strategy, operations, processes, IT systems, and controls
- Execute IT control design and operating effectiveness test procedures based on engagement scope and client environment risk factors
- Bring an innovative and analytical mindset to help our clients solve business issues and enable more efficient project execution
- Work with the project team and client to deliver services in accordance with project leadership and client expectations
- Work collaboratively with colleagues across Advisory Business Lines (ABLs) and with other Grant Thornton Service Lines (e.g., Audit Services and Tax Services)
- Meet or exceed defined performance metrics and perform other duties as assigned

Qualifications:
- Bachelor's degree in Accounting, Finance, Information Technology, MIS, or a related field is required
- Minimum 1 year of related work experience with a professional services firm, or as part of a risk management, information security, or internal audit function
- Desire to pursue CISA, CISSP, CISM, CPA, CIA, or other relevant license/certification
- Experience in assessing the design and operating effectiveness of IT risk management or IT controls (IT general controls, application controls, interface controls, IT infrastructure controls, key report integrity, etc.) for Internal Audit, SOX compliance, System & Organization Control (SOC) reporting, or other risk, compliance, or assurance activities
- Understanding of current IT risk and control focus areas of external financial statement auditors
- Understanding of IT risk management and cybersecurity risk management standards (COBIT, NIST CSF, etc.)
- Ability to execute multiple engagements and competing priorities in a rapidly growing team environment
- Exceptional client service, communication, analytical, organizational and project management skills
- Strong computer skills, including proficiency in Microsoft Visio and Office Suite applications
- Can travel as needed

Interview Process:
- 30 minute interview with Manager
- 30 minute interview with Manager and Colleague

Sample IT Controls Candidate Bio:

PROFESSIONAL SUMMARY
Experienced professional with a strong background in risk management, compliance, and IT controls. Skilled in conducting risk assessments, evaluating security controls, and implementing compliance frameworks such as NIST and ISO 27001. Proven ability to thrive in fast-paced environments, adapt to change, and communicate technical matters to non-technical audiences.

PROFESSIONAL EXPERIENCE

Senior Consultant, Technology Risk Audit
- Led IT Audit walkthroughs for Key Reports/IPE Reports, IT Automated Controls, and IT General Controls, ensuring compliance with security requirements
- Conducted comprehensive evaluations of client security controls and IT environments, identifying process and control gaps
- Coordinated with global and cross-functional teams, proactively communicated with stakeholders, and trained new associates on security controls and risk management
- Developed documentation on risk reduction and remediation strategies aligning with SOX regulations and business objectives

Senior Technology Risk Consultant
- Developed new SOX Compliance IT risk frameworks and internal controls focused on digital asset risk management, DeFi activity, and cryptocurrency exchanges
- Led and trained team, overseeing the completion of protocol audits for top 100 digital assets on the market
- Developed CPE/training materials to educate senior executives on blockchain technology and audit methodologies
- Created process and data flow diagrams for major cryptocurrency exchanges and custodians
- Conducted risk assessments and developed mitigation strategies for emerging technologies in the fintech sector

Technology Risk Consultant
- Built internal audit program for Pre-IPO Readiness, covering 150+ IT and technology risk controls
- Implemented a new risk assessment methodology
- Conducted thorough reviews of vendor and customer contracts to identify potential IT internal control risks or requirements
- Developed comprehensive process narratives for IT operations, enhancing stakeholders' understanding of control frameworks
- Evaluated requests for exceptions to IT policies, ensuring sufficient mitigating controls were in place

Advisory Intern
- Gained comprehensive understanding of financial risk management, regulatory compliance, and technology controls in high-growth environments

SKILLS & INTERESTS
Certifications: Certified Information Systems Auditor (CISA), CISSP Certification, Google Cybersecurity Professional, Microsoft Generative AI for Data Analysis Professional Certificate, Google Cloud Cybersecurity
Expertise: IT General & Automated Controls, SOC 1 and SOC 2 Reports, ICFR Reporting, GRC Risk Management, Blockchain Technology, NIST 800/ISO 27001 Security Frameworks, COBIT Governance Framework, ITIL Framework, Internal audit execution, Control testing, Risk management, Technology and security controls, ISO 27001, Data analytics and automation
Technical Skills: Microsoft Office Suite, SQL, Python, Excel VBA, Solidity

Required Skills: SOX, Risk Management
Basic Qualification:
Additional Skills:
Background Check: No
Drug Screen: No
Created: 2026-03-10