Submitting more applications increases your chances of landing a job.

Here’s how busy the average job seeker was last month:

Opportunities viewed

Applications submitted

Keep exploring and applying to maximize your chances!

Looking for employers with a proven track record of hiring women?

Click here to explore opportunities now!
We Value Your Feedback

You are invited to participate in a survey designed to help researchers understand how best to match workers to the types of jobs they are searching for

Would You Be Likely to Participate?

If selected, we will contact you via email with further instructions and details about your participation.

You will receive a $7 payout for answering the survey.


User unblocked successfully
Thank you. Your report has been submitted and will be reviewed shortly.
Skander Gharbi, IT Risk Consultant | Technology Risk Advisory

Skander Gharbi

IT Risk Consultant | Technology Risk Advisory·Deloitte

Tunisia

Master's degree, Administration And Information Systems

Work experience

Total years of experience: 2 years, 7 months

IT Risk Consultant | Technology Risk Advisory

September 2024 - Present

Deloitte

Montreal, Canada Remote

September 2024 - Present

ITGC & ITAC Testing
- Execute ITGC walkthroughs across 4 control domains (Access management, Privileged access, Change Management,
Operating systems, IT Risk Management) on SAP S/4HANA, ECC 6.0, and SAP Business and also for the generic information systems
for 8-10 client engagements per year.
- Perform ITAC testing — automated controls, interface controls— verifying SoD enforcement against PCAOB and ISAE 3402
standards.
- Rate control deficiencies (Critical/High/Medium/Low) and deliver audit workpapers consistently with zero rework requests from
senior managers.
SOX Compliance & IT Controls (Sections 302 & 404)
- Planned and executed SOX IT compliance testing by assessing the design and operating effectiveness of IT General Controls
(ITGCs) supporting financial reporting.
- Evaluated key control domains, including user access management, privileged access, change management, computer
operations, and interface controls, in accordance with SOX and PCAOB requirements.
- Assessed the impact of ITGC deficiencies on financial reporting risks and coordinated remediation activities with control owners
and external auditors.
- Developed and maintained Risk and Control Matrices (RCMs), performed control walkthroughs, documented test results, and
prepared audit evidence to support managements SOX certification.
- Collaborated with finance, IT, and business stakeholders to ensure compliance with SOX Sections 302 and 404, contributing to
successful internal and external audit engagements.
SAP Access Management & GRC
- Review SAP authorisation objects, role assignments, and profile parameters (SU01, SU10, SUIM, SE16, SM30) to detect
excessive access and SoD conflicts across client landscapes.
- Run batch risk analysis via SAP GRC Access Control (ARA, ARM, EAM); assess critical access combinations and validate
mitigating controls for unresolvable conflicts.
- Analyse SAP_ALL / SAP_NEW assignments, Firefighter (EAM) logs, and basis-level misconfigurations (S_TCODE, S_RFC,
S_DEVELOP) across production and non-production systems.
- Deliver SoD remediation roadmaps — avg. 30-40 high-risk access conflicts identified and resolved per engagement.
SOC 1 & SOC 2 / Regulatory Compliance
- Review SOC 1/2 (Type I & II) reports; assess CUECs and map findings to client control frameworks.
- Evaluate compliance with ISO 27001, ISO 22301, COBIT 2019, and NIST CSF; deliver risk-ranked remediation roadmaps to C
level management.
Client Advisory & International Missions
- Present findings to CIOs, IT Directors, and CFOs across Canada, Luxembourg, and Francophone Africa; participate in S/4HANA
migration reviews (greenfield & brownfield) validating migration controls and post-go-live monitoring.

Company industry:
Accounting

IT Consultant | Technology Risk Advisory — Graduation Internship

February 2024 - September 2024

Deloitte

Tunis, Tunisia

February 2024 - September 2024

SAP S/4HANA ITGC (Authorisation & Role Management Audit)
- Evaluated IT General Controls (ITGCs) in SAP S/4HANA and communicated findings to the senior audit team for a manufacturing
client.
- Audited SAP role lifecycle (creation, assignment, deprovisioning) for least-privilege compliance; flagged critical t-code access
(SE38, SE80, SM59, SCC4) assigned to business users in production.
- Documented 8 high-risk findings with root-cause analysis; remediation recommendations presented to client IT security team and
escalated to senior management.

Company industry:
Accounting

IT Process & Systems Integration Analyst

July 2023 - August 2023

SIRYOS

Tunis, Tunisia

July 2023 - August 2023

- Analysed SAP EWM-TM integration (SOA); documented process flows & data-flow controls (PPF/MRP/IDOC) supporting internal
compliance assessments.

Company industry:
IT Services

Education

ESPRIT School of Business

January 2024

January 2024

Master's degree, Administration And Information Systems

Tunisia

École Polytechnique Internationale Privée De Tunis

January 2021

January 2021

High school or equivalent, Industrial Engineering

Tunisia

Skills

COMPLIANCE MANAGEMENT

Intermediate

COMPOSITE MATERIALS

Intermediate

CONTROL ARM

Intermediate

FINANCIAL SERVICES

Intermediate

INFOR SOFTWARE

Intermediate

INFORMATION TECHNOLOGY AUDITS

Intermediate

INTERNAL AUDITING

Intermediate

RISK MANAGEMENT

Intermediate

SAP SECURITY

Intermediate

SARBANES OXLEY ACT SOX COMPLIANCE

Intermediate

Languages

English

Beginner

French

Beginner

Training and Certifications

Certifications
Master Audit & Conseil SI — Formation Qualifiante
IT Audit Fundamentals (ITGC, SAP S/4HANA & AS/400)
Technology Consultant Professional Certificate — SAP Learning
CISA (Certified Information Systems Auditor)
National Engineering Degree