Information Security Audit Manager - EY Global Delivery Services

at  EY

INFORMATION SECURITY COMPLIANCE MANAGER

At EY, Information Security is not just about responding to threats; it’s about proactively safeguarding our brand and our clients’ trust. Our robust technical security controls, well-defined security strategies, and vigilant compliance and incident management programs are designed to outpace the sophistication of threats targeting our organization.

YOUR KEY RESPONSIBILITIES

• Champion the Technology function leaders in all aspects related to ITGC and SDLC controls, becoming the go-to expert and support system.
• Evaluate and refine the current ITGCs and SDLC controls, ensuring continuous improvement and relevance.
• Take the lead in risk identification, control design and implementation, and the creation of essential documentation.
• Drive the annual risk assessment process, ensuring control owner certifications and function leader attestations are completed with integrity.
• Coordinate the annual Internal Audit testing of IT general controls and the System Development Life Cycle (SDLC) controls, supporting control owners, operators as well as the auditors enabling an efficient audit process.
• Actively support the remediation of control gaps and the execution of quality improvement plans, ensuring the highest standards are met.
• Provide your expertise in technology risks and controls to various technology leaders, business function leaders, and team members, fostering a culture of knowledge sharing.
• Offer assistance to global, area, and service line teams, particularly on Technology-related topics, becoming a valuable resource across the organization.
• Maintain an up-to-date understanding of the current security threat landscape and information security frameworks such as ISO27001, SOC 1, and SOC 2, ensuring our defenses are always ahead of the curve.

TO QUALIFY FOR THE ROLE, YOU SHOULD HAVE:

• A minimum of 5 years of work experience applying relevant IT audit skills in audit engagements.
• Strong English language proficiency – both written and verbal communication skills are essential.
• Excellent time management, interpersonal, communication, organizational, and decision-making skills.
• A solid background in Financial Audit IT (FAIT) engagements, with in-depth knowledge in areas such as:
• IT Audit Methodology and IT General Controls.
• System Development Life Cycle.
• Interfaces and key reports testing.
• Proficiency in MS Office suite (Word, Excel, PowerPoint).
• A collaborative spirit to work effectively with teams to facilitate, schedule, and coordinate required audit activities.
• CISA, CIA, CISSP, or CISM certification is a plus and will set you apart.