Technology Consulting, IT Audit Associate 3

Our national practice assists clients in providing IT audit services in support of our financial audits. We also provide IT governance and IT risk related services to a variety of clients and particularly in the Financial Services, Oil & Gas, Retail and government sectors.

The opportunity

Our structured career framework means you’ll continue to develop, whatever level you’re at. So,whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Key Responsibilities

• Cybersecurity Audits

• Plan and execute audits of IT systems, networks, and applications to identify vulnerabilities and compliance gaps.

• Review cybersecurity frameworks (e.g., NIST CSF, ISO 27001) and assess adherence.

• Conduct penetration testing and vulnerability assessments where applicable.

• IT General Controls (ITGC)

• Evaluate user access management, authentication, and privilege controls.

• Review change management, backup, and disaster recovery processes.

• Risk Assessment & Compliance

• Perform risk-based audits aligned with regulatory requirements (e.g., DORA, NIS2, PCI DSS).

• Prepare audit reports with actionable recommendations for remediation.

• Incident Response & Governance

• Participate in cyber incident simulations and wargaming exercises.

• Advise on IT governance, cyber risk management, and business continuity planning.

• Stakeholder Engagement

• Collaborate with IT, security, and business teams to implement audit findings.

• Communicate technical risks in clear, business-friendly language.

Core Skills & Attributes

• Strong analytical and problem-solving skills.

• Ability to work independently and manage multiple audits simultaneously.

• Excellent communication and report-writing skills.

• High ethical standards and attention to detail.

Technical Skills

• Knowledge of cybersecurity tools and technologies (Firewalls, IDS/IPS, VPN, DLP).

• Familiarity with IT audit methodologies and frameworks (COBIT, ITIL).

• Proficiency in data analytics for audit testing.

• Understanding of cloud security and emerging cyber threats.

Qualifications

• Minimum 3 years of IT audit experience, with exposure to cybersecurity audits.

• Bachelor’s degree in Information Technology, Computer Science, or related field.

• Certifications: CISA (Certified Information Systems Auditor) preferred,CEH, CISSP or ISO 27001 Lead Auditor advantageous.

Additional Specialised Skills

• Experience in regulatory compliance audits (SOX, ISAE 3402).

• Knowledge of cyber risk assessment and governance frameworks.

• Strong IT audit experience, including SOX compliance.

• Sound knowledge of cybersecurity frameworks and practices, with the ability to apply standards such as ISO 27001 and ethical hacking principles.

• Excellent analytical, interpersonal, communication, writing, and presentation skills.

About EY

As a global leader in assurance, tax, transaction and advisory services, we hire and develop the most
passionate people in their field to help build a better working world. This starts with a culture that
believes in giving you the training, opportunities and creative freedom to make things better. So that
whenever you join, however long you stay, the exceptional EY experience lasts a lifetime