Digital Risk & Cloud IT Audit Assistant Manager / Manager - Johannesburg at Ernst & Young Global Limited (EY)

The Opportunity 

• The role provides the chance to lead and deliver Cloud Security assessments, architecture reviews, cloud control implementations, and cloud‑focused cyber transformation initiatives. You will work within multidisciplinary teams and gain exposure to EY’s global cloud frameworks and cloud risk standards. 
• Our structured career framework ensures continuous development, global exposure, and opportunities to grow into senior leadership roles. 

Key Responsibilities 

Cloud Security Delivery & Technical Leadership 

• Lead and deliver Cloud Security assessments using EY’s proprietary cloud security frameworks and industry standards (CSA CCM, NIST 800‑53, CIS Benchmarks, ISO 27001, CSP-native security frameworks).  
• Perform CSPM (Cloud Security Posture Management) reviews, identifying misconfigurations, compliance gaps, and risks across Azure, AWS, and Google Cloud.  
• Conduct architecture and design reviews, ensuring cloud solutions follow secure-by-design principles and align to EY Cloud Architecture & Landing Zone frameworks.  
• Support clients in implementing cloud risk and security controls, including IAM, network security, data protection, logging & monitoring, DevSecOps, and encryption. 

Cloud Transformation & Advisory 

• Guide clients on multi‑cloud security strategies, migration security, and operational governance.  
• Provide assurance over cloud transformations, using EY methodologies for program assurance and cloud governance.  
• Support clients in establishing Cloud Operating Models, policies, and standards aligned with regulatory and industry requirements. 

Risk, Compliance & IT Audit Support 

• Lead cloud-related IT risk assessments and integrate cloud controls into financial audit IT general controls and program assurance work. 
• Evaluate cloud security control compliance against frameworks (CSA CCM, CoBiT, ISO 27001, CIS Foundations). 

Client Engagement & Stakeholder Management 

• Present findings and recommendations to senior client stakeholders, translating technical concepts into business value. 
• Manage junior staff, review deliverables, and ensure high‑quality outputs. 

Practice Development & Thought Leadership 

• Contribute to proposals, cloud cyber service offerings, methodologies, and accelerators. 
• Act as a subject matter specialist in Cloud Security within the Cyber practice.  

Skills and Attributes for Success 

• Strong understanding of cloud platforms (Azure, AWS, GCP) and their native security services. 
• Deep knowledge of cloud security architecture, cloud IAM, network segmentation, logging and monitoring, key management, encryption, and DevSecOps pipelines. 
• Experience in CSPM, CIEM, CWPP, or Cloud Security Best Practices. 
• Strong grounding in IT governance, IT risk, and general cybersecurity frameworks (ISO 27001, NIST, CIS Benchmarks). 
• Excellent communication, stakeholder management, and report‑writing abilities. 
• Logical thinker, problem solver, and confident in leading engagements and teams. 
• Experience in project management across multiple engagements. 
• Business development experience is advantageous. 

To Qualify for the Role, You Must Have 

Education: 

• Bachelor’s degree in Information Systems, Computer Science, Engineering, or related fields. 
• Business / Audit background advantageous.  

Experience: 

• Assistant Manager: Minimum 3 to 5 years of experience in Cyber Security with at least 2 years in Cloud Security. 
• Manager: 5 to 8 years of experience with deeper leadership in cloud engagements. 
• Hands-on experience with Azure, AWS, or GCP cloud security tooling. 
• Exposure to management consulting, cloud security architecture, CSPM / CIEM tools, and program assurance. 

Certifications (Highly advantageous): 

Cloud Security: 

• CCSP, CCSK, Azure Security Engineer Associate, AWS Security Specialty, GCP Professional Cloud Security Engineer. 

Cyber & IT Audit: 

• CISSP, CISM, CISA, ISO 27001 Lead Implementer / Auditor.  

Cloud & Project Delivery: 

• Azure / AWS / GCP certifications, PMP, PRINCE2, COBIT, ITIL.