EY HCMC_ IT Risk & Assurance Manager, Advisory in Vietnam

Title: HCMC_ IT Risk & Assurance Manager, Advisory

Location: Vietnam

Job Number: VIE000QY

  • Experiences to draw upon for the rest of your career

  • Be part of a high performing team

  • Build your personal brand with business leaders

About the opportunity

Are you good at seeing the big picture? Then join EY and gain experiences that will last a lifetime.

Our IT Risk & Assurance services, are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance. In addition to assurance-related engagements, our IT risk advisory services focus on IT governance and effectiveness; IT program management and assurance; security and controls of Enterprise Resource Planning (ERP) implementations; and business intelligence and information analysis.

We are currently offering positions in the following areas:

  • Application Risk & Controls practice

  • Information Management and Analysis Services practice

  • Financial Services Technology Risk and IT Regulatory Services

About you

In your role as an IT Risk & Assurance Manager you’ll:

  • Effectively manage and motivate client engagement teams with diverse skills and backgrounds.

  • Foster relationships with client personnel at appropriate levels.

  • Consistently deliver quality client services and manage expectations of client service delivery.

  • Drive high-quality work products within expected timeframes and on budget.

  • Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes.

  • Stay abreast of current business and industry trends relevant to the client's business.

  • Cultivate and manage business development opportunities.

  • Understand Ernst & Young and its service lines and actively assess/present ways to serve clients.

  • Develop and maintain long-term relationships and networks with clients and internal EY stakeholders

  • Demonstrate deep technical capabilities and professional knowledge.

  • Possess in depth business acumen and demonstrate ability to quickly assimilate to new knowledge.

  • Remain current on new developments in advisory services capabilities and industry knowledge.

  • Provide constructive coaching to team members and to foster an innovative and inclusive team-oriented work environment.

  • Play an active role in counseling and mentoring junior consultants within the organization.


We’re looking for people with the following experience:

  • A recognized university degree in accounting, business, information technology, engineering, mathematics or other relevant discipline

  • At least 6 years of relevant consulting or industry experience, preferably in a professional services environment or MNC.

  • Candidates who possess professional certifications such as Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) and / or Certified Fraud Examiner (CFE) are highly encouraged to apply.

  • Proficiency with Microsoft Excel, Access, Word, and PowerPoint

  • Strong analytical, interpersonal, communication, writing and presentation skills

  • Demonstrates integrity, values, principles, and work ethic

  • Willingness to travel on overseas assignment as the need arises

In addition, candidates should have experience in at least one of these specific areas below:

  1. Application Risk & Controls

This practice focuses on enterprise IT application assessment, Governance, Risk and Compliance (GRC) technology assessment, IT Application and Tool Implementation. We deliver valuable insights and enable better business decisions through improved quality of information.

To qualify, candidates should have:

  • Working experience on at least two (2) full cycles of access control framework definition, security role design, remediation and implementation for ERP solutions such as SAP and Oracle.

  • Working experience in performing business process controls review, access controls review (e.g., segregation of duties) and project risk assessments in an ERP environment. Having experience in continuous controls monitoring and controls optimization type of work would be an advantage.

  • In-depth knowledge on key risks and expected controls (including compensating controls) in one or more business processes (e.g., procure to pay, and financial statement close)

  • Understanding of and/or implementation experience with a variety of GRC tools (e.g., SAP GRC and Oracle ICM)

  1. Information Management and Analysis Services

This practice focuses on analytics delivery, analytics enablement, data quality and governance, and data management. We deliver valuable insights and enable better business decisions through effective collection, storage, analysis and management of quality of information.

To qualify, candidates should have:

  • Working experience in one or more of the following domains: data / statistical analysis, data management, data quality assessment and profiling, data governance, data warehouse / Cubes development, business intelligence, data mining, data conversion, continuous auditing / monitoring, data modeling, and/or ETL development

  • Competency with one or more of the following tools would be an added advantage: SQL, R, ACL, IDEA, SAS, SPSS, Business Objects, Congos, Tableau, Spotfire or other OLAP / analysis tools

  • In-depth knowledge with analytics implementation / development in one or more domains / industries (e.g., procurement, HR, banking and / or government) would be useful

  • Strong analytical and problem-solving skills, and ability to work with incomplete or imperfect data.

  • Ability to identify and visualize relationships within large, not obviously related data sets.

  • Familiarity with linear algebra and matrix algorithms is a plus. Ability to build and interpret probabilistic models of complex, high-dimensional systems is a plus.

  1. Financial Services Technology Risk and IT Regulatory Services

This practice focuses on operational, management and governance aspects of technology risk and providing end-to-end IT regulatory advisory services. This requires relevant industry understanding and prior experience in handling or with regulators would be beneficial.

To qualify, candidates should have:

  • Strong understanding of industry operational and technology risk management processes and underlying technology controls

  • Experience in engaging and managing a variety of stakeholders with an ability to consult and develop remediation options, risk mitigation solutions

  • Understanding of regulatory reporting requirements and underlying technology requirements

  • Practical experience and understanding of technology and business processes in providing related risk assurance and advisory considerations

About us

EY is a global professional services organization providing advisory, assurance, tax and transaction services. We are committed to doing our part in building a better working world for our people, our clients and our communities. And we are united by our shared values and a dedication to delivering exceptional client service.


You know what your goals are. We want to help you reach them. This is why our goal is to challenge you with opportunities that utilize your unique talents, interests and skills. Building on your strengths is just one more way we build a better working world. Our goal is to help you achieve yours. Create the career you want and apply today.

We invite qualified candidates to apply online.