About Us
RSM Australia supports a people-centric and collaborative culture where we are committed to empowering and developing you. As a leading professional services firm, we connect you to an extensive network of global resources and invest in your future. We value the meaningful work that you do and encourage you to be a part of the change.
The Role
Successful candidates will be responsible for effectively delivering engagements and projects while managing client relationships and staff. Security & Privacy (S&P) consultants are expected to have responsibility for extensive client contact; staff training, management & development; and liaising with third parties. You will be skilled and experienced at managing the whole project lifecycle for IT general controls audit, cyber security and information security services. As a consultant you will also aspire to develop strategic, business development and leadership skills.
The RSM Security & Privacy Services provide specialist skills in the disciplines of IT governance, IT risk consulting, Cyber, information security and IT audit. We service organisations in the government and private sectors and operate across all technology platforms and software environments.
Key Responsibilities:
1. Perform IT / Cyber / technology risk assessments, technical security related reviews, assess the effectiveness of processes/controls and risks related to third party organisations.
2. Executing and completing individual IT and cyber security audits and special project reviews relating to various applications, IT infrastructure and other relevant IT domains.
3. Conducting independent risk-based IT and cyber security audits to assess the adequacy and effectiveness of internal controls, the reliability and integrity of the client’s business and IT systems.
4. Conducting various audit engagements simultaneously with numerous engagement team members per audit, including assisting with planning, execution and scheduling staff.
5. Undertaking or arranging to undertake special consulting or other reviews as required. These may include system software reviews, new system development technical evaluations, post implementation reviews, contingency planning reviews, logical / physical access reviews and installation reviews.
6. Assist in the planning of client deliverables (i.e. strategic internal audit plan, scope documents).
7. Responsible for the execution of fieldwork and documentation of findings (i.e. maintain the audit file).
8. Providing IT general controls and application controls audit support to external audit.
9. Determining the objectives, scope and extent of each audit and ensuring that the audit is professionally and efficiently completed within deadlines.
10. Assist in business development activities of the firm.
11. Coordination with other divisions.
12. Address technical issues and assist in preparing technical position papers.
Education and other Requirements:
13. Successful Criminal Record Screening Clearance.
14. Relevant tertiary degree and/or qualification is essential.
15. Relevant professional certification/qualification is essential, e.g., Certified Information Systems Security Professional® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®); Certified in Risk and Information Systems Control® (CRISC®); etc.
Demonstrated Experience & Attributes
16. Minimum 4-5 years’ Professional Services experience in Cyber / IT technical delivery, IT audit, internal controls, or risk management.
17. Experience performing security risk assessments, testing or auditing of cybersecurity or information security standards or governance frameworks (e.g. one or more of COBIT, NIST Cyber Security Framework, ASD Top 35 and Essential Eight, PCI DSS, CIS Critical Security Controls Top 20, PSPF, Australian Government Information Security Manual, VPDSS, ISO/IEC 27001, Cloud Security Alliance Guidance, Australian Privacy Principles, GDPR).
18. Experience in performing engagements where teams are completing various technical testing assessments, and the ability to translate technical findings and articulate recommendations for non-technical client staff.
19. Demonstrated knowledge of control best practices in IT general controls and applications.
20. Demonstrated knowledge of IT processes, project management, applications, databases, operating systems and network infrastructure to apply better practice guidance and identify opportunities for improvement.
Life at RSM:
RSM provides a great environment to build skills and confidence and we help our people achieve their best. We are trusted advisors to our clients, so it is critical for us to find the right people for the job on offer. Our network of offices across Australia and around the world allows us to offer a personal service to all our clients regardless of where they are!
Working for RSM entitles everyone to a wide range of leading health, wellness, financial and lifestyle benefits.