IT Audit Associate 3 at Ernst & Young Global Limited (EY)

 Key Responsibilities

Cybersecurity Audits

• Plan and execute audits of IT systems, networks, and applications to identify vulnerabilities and compliance gaps.
• Review cybersecurity frameworks (e.g., NIST CSF, ISO 27001) and assess adherence.
• Conduct penetration testing and vulnerability assessments where applicable.

IT General Controls (ITGC)

• Evaluate user access management, authentication, and privilege controls.
• Review change management, backup, and disaster recovery processes.

Risk Assessment & Compliance

• Perform risk-based audits aligned with regulatory requirements (e.g., DORA, NIS2, PCI DSS).
• Prepare audit reports with actionable recommendations for remediation.

Incident Response & Governance

• Participate in cyber incident simulations and wargaming exercises.
• Advise on IT governance, cyber risk management, and business continuity planning.

Stakeholder Engagement

• Collaborate with IT, security, and business teams to implement audit findings.
• Communicate technical risks in clear, business-friendly language.

Qualifications

• Minimum 3 years of IT audit experience, with exposure to cybersecurity audits.
• Bachelor’s degree in Information Technology, Computer Science, or related field.
• Certifications: CISA (Certified Information Systems Auditor) preferred, CEH, CISSP or ISO 27001 Lead Auditor advantageous.

Additional Specialised Skills

• Experience in regulatory compliance audits (SOX, ISAE 3402).
• Knowledge of cyber risk assessment and governance frameworks.
• Strong IT audit experience, including SOX compliance.
• Sound knowledge of cybersecurity frameworks and practices, with the ability to apply standards such as ISO 27001 and ethical hacking principles.
• Excellent analytical, interpersonal, communication, writing, and presentation skills.