IT Internal Audit & Technology Assurance Senior Consultant

A. Engagement lifecycle & delivery management (IT Internal Audit / Technology Assurance / Technology Advisory)]

• Proven track record to scope, plan, execute & manage, report & conclude on Internal Audit engagements that specialise in IT.
• Proven track record to deliver on Assurance and Advisory Internal Audit engagements by identifying risks, performing testing, researching governing policies / regulations, and developing reports.
• Ensures findings and recommendations are aligned with the audit objectives by keeping in mind the engagement business context and also Board Expectations (ARC).
• Demonstrated technical skills and methodology application.
• Able to develop customised audit programs for ad hoc systems.
• Ability to perform specialised IT internal audit services, such as: IT governance, cloud risk, project assurance, emerging technology assurance and ESG
• Experience in performing project audits, systems post-implementation reviews (incl. data migration reviews) for multiple systems (i.e: SAP ECC / SAP S/4 / Oracle / Coupa / Sage).
• Proven track record to run end-to-end ITGC and ACR audits independently.
• Ability to independently lead multiple concurrent IT Internal Audit engagements while maintaining quality, timelines, and stakeholder expectations.
• Ability to translate business objectives and strategic risks into a clear, risk-based IT audit approach.
• Ability to manage engagement risk, including scope creep, dependency risks, and data availability constraints.

[B. Risk, controls & assurance standards expertise]

• Uses industry leading frameworks and tools to analyse client’s documentation and identify risks that require control assurance.
• Tests validity of client’s historical financial and non-financial information, leveraging relevant standards (e.g. ISAE 3000), as appropriate.
• Ability to execute on Third party assurance engagements (ISAE3402 / SOC) and unstructured controls advisory projects.
• Articulates client’s regulatory framework by leveraging Deloitte’s proprietary approaches and applicable audit standards and guidelines.
• A good understanding of how to link risks and controls to ensure test steps and controls and risks all speak to each other.

[C. Technical IT & systems knowledge]

• Demonstrated knowledge of ERP systems including SAP, Oracle etc.
• Demonstrated knowledge and experience of key databases (SQL, Oracle) and understanding of the associated security issues and vulnerabilities.
• Demonstrated knowledge and technical skills on “core operating systems” e.g. Windows, UNIX, etc.
• Ability to perform focused IT reviews including data conversion, interface reviews, segregation of duties and SAP authorisations.
• Ability to research “unknown” systems or audit in-house developed systems
• Experience analysing system evidence independently (configurations, logs, extracts) rather than relying solely on management-prepared documentation.

[D. Digital, emerging technology & unstructured advisory capabilities]

• Fluent on Digital Risk and highly knowledgeable on Emerging Technologies.
• Ability to execute on unstructured controls advisory engagements including Cloud, Payments, IT risk & governance, RPA etc.
• Developed skills in Agile and DevOps methodologies
• Developing Digital fluency and knowledge on Emerging technologies, including Cloud, RPA, AI, etc.
• Understanding of control considerations in cloud-native environments (e.g. shared responsibility models).
• Awareness of ethical, data privacy, and model governance risks relating to AI and advanced analytics.

[E. Sales, business development & client relationship management]

• Ability to proactively identify client pain points and translate them into clearly articulated engagement opportunities.
• Experience contributing to proposal development, including scope definition, effort estimation, and risk considerations.
• Ability to position IT Internal Audit and digital risk services as enablers of business value, not only compliance.
• Ability to identify cross-service collaboration opportunities within broader assurance or advisory offerings.