Senior / AM, Technology Risk Ernst & Young AE

Your key responsibilities

A large part of the role will be engagement delivery and EY will expect the candidates to lead and deliver engagements with very minimal supervision. EY also expects the candidates to support executives in development of proposals, presentations and other business development activities. The candidate will be responsible for the delivery and quality of the final reports to EY's clients.

An existing track record of successful engagement delivery in Technology Risk is expected of all candidates for this role. A Big 4 background or comparable consulting experience is highly advantageous. A broad background across IT and Cybersecurity is expected with specific experience in the following areas:

• Expertise in Risk and Governance Frameworks, including IT governance frameworks (e.g., COBIT, ITIL, NIST), ISO 27001 standards, information security principles, policy development, and risk assessment.
• Proficiency in IT Systems Audit, encompassing planning, execution, audit methodologies, complex IT environment evaluation, control weakness identification, and effective communication of findings.
• Comprehensive knowledge of internal controls over financial reporting (ICFR), covering ITGCs, ITACs, SOX requirements, supporting financial audits with IT expertise, and strong liaison skills with financial auditors.
• Good understanding around the application systems such as SAP, Oracle, Microsoft Dynamics and operating systems and databases.
• Strong understanding of Business Continuity Planning (BCP), including BCP/DRP principles, business impact analyses, recovery strategy development, and plan testing.
• Strong understanding of cybersecurity fundamentals, including common threats, vulnerabilities, basic principles, and contributions to cybersecurity discussions.
• General Skills: Excellent analytical, problem-solving, communication, presentation, project management, organizational, leadership, client service, and business development skills.

Skills and attributes for success

• Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or in a related field.
• Relevant professional certifications (e.g., CISA, CISSP, CISM, ISO 27001 Lead Auditor) are preferred.
• Minimum of 3 to 5 years of experience in IT audit, information security, or related fields.
• Strong knowledge of ITGC/ITAC, information security frameworks, and cybersecurity best practices.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and collaboratively within a team environment.