Bough Consulting
Website:
boughconsulting.com
Job details:
Bough is a decidedly different kind of advisory, assurance, and transformation solutions firm. Working collaboratively with clients in finance, audit, and compliance organizations, we co-create integrated solutions that connect people, processes, and technologies to navigate accounting, reporting, and compliance matters.
Our services include finance and accounting advisory, revenue assurance, FP&A advisory and support, risk advisory, and process automation and transformation.
We are busy and sometimes crazy busy delivering exceptional results to our clients with trust, quality, and humanness. Our name 'Bough' means the main branch of a tree - a name that keeps us grounded in nature and emphasizes our belief that we wish to be the main branch on which our clients and employees lean with trust.
For any position we are hiring, we don’t just want you to be an ambitious, analytical, multi-skilled, risk-taking go-getter for Bough. We want you to be more. More for yourself and for anything you undertake. Socially responsible, intuitive, empathetic, trustworthy, thoughtful, imaginative, creative, and curious are some words that resonate with us. Your skills are a qualifier, and we believe that each of us is much more than the skills we bring to our job - the person we are looking for…
Role Overview
As an ITGC Risk Consultant within Bough’s IT Risk Advisory team, you will contribute to a broad range of client engagements spanning IT governance, risk, and compliance (GRC), IT General Controls (ITGC), cybersecurity, and IT compliance. This role offers the opportunity to develop deep, practical expertise while supporting meaningful risk management and transformation initiatives for leading organizations. You will work closely with senior consultants, managers, and client stakeholders, gaining hands‑on exposure to complex IT environments and delivering high‑quality, pragmatic solutions.
Key Responsibilities
- Assess interface controls to ensure the accuracy and completeness of data flows between systems (e.g., ERP to sub-ledgers, third-party integrations)
- Support ERP system testing (e.g., SAP, Oracle), including configuration reviews, security roles, and control design assessments
- Assist in SOC 1 / SOC 2 reviews, evaluating service organization controls and third-party risk impacts on client environments
- Support IT General Controls (ITGC) assessments across access management, change management, backup, and IT operations
- Assist in evaluating application controls, including configuration reviews, automated controls, and system interfaces
- Participate in process walkthroughs with client IT teams to understand systems, risks, and control activities
- Develop and maintain risk and control matrices (RCMs), process documentation, and workpapers
- Identify control gaps or observations and document them clearly with supporting details
- Collaborate with client IT teams to understand system landscapes, critical applications, and data flows to map risks and control points
- Coordinate with control owners to obtain testing evidence, support audit documentation, and address external auditor queries during audit reviews
- Conduct research on cybersecurity risks, IT compliance standards, and emerging technologies, and contribute insights to strengthen Bough’s technology risk function
Qualifications & Experience
- 2–4 years of hands-on experience in IT Audit, ITGC/ITAC testing, SOC engagements, or related IT risk and controls roles
- Working knowledge of IT risk and control frameworks such as COBIT, NIST, ISO 27001, SOC 1/SOC 2, and practical experience applying ITGC and ITAC concepts in client environments
- Hands-on experience executing ITGC, ITAC, SOC, or application control testing, including walkthroughs, evidence collection, and documentation
- Proficiency with MS Office tools (Excel, Word, PowerPoint), with the ability to prepare clear workpapers and client-ready documentation; familiarity with audit, GRC, or analytics tools is a plus
- Ability to communicate effectively with technical and non-technical stakeholders, including control owners and auditors, to support testing and resolve queries
- Strong attention to detail, organizational skills, and the ability to manage multiple testing activities in a fast-paced consulting environment
Preferred Skills
- Excellent analytical and problem-solving ability with a strong risk and control mindset
- Strong written and verbal communication, able to explain technical concepts clearly
- High energy, enthusiasm, and a commitment to exceeding client expectations
- Proactive mindset with eagerness to learn, take ownership, and grow in a consulting environment
- Ability to work independently and collaboratively with project teams and client stakeholders
Click on Apply to know more.