IT Audit Associate 3

Our national practice assists clients in providing IT audit services in support of our financial audits. We also provide IT governance and IT risk related services to a variety of clients and particularly in the Financial Services, Oil & Gas, Retail and government sectors.

Our structured career framework means you’ll continue to develop, whatever level you’re at. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

• Cybersecurity Audits
• Plan and execute audits of IT systems, networks, and applications to identify vulnerabilities and compliance gaps.
• Review cybersecurity frameworks (e.g., NIST CSF, ISO 27001) and assess adherence.
• Conduct penetration testing and vulnerability assessments where applicable.
• IT General Controls (ITGC)
• Evaluate user access management, authentication, and privilege controls.
• Review change management, backup, and disaster recovery processes.
• Perform risk-based audits aligned with regulatory requirements (e.g., DORA, NIS2, PCI DSS).
• Prepare audit reports with actionable recommendations for remediation.
• Participate in cyber incident simulations and wargaming exercises.
• Advise on IT governance, cyber risk management, and business continuity planning.
• Stakeholder Engagement
• Collaborate with IT, security, and business teams to implement audit findings.
• Communicate technical risks in clear, business-friendly language.

• Strong analytical and problem-solving skills.
• Ability to work independently and manage multiple audits simultaneously.
• Excellent communication and report-writing skills.
• High ethical standards and attention to detail.

• Knowledge of cybersecurity tools and technologies (Firewalls, IDS/IPS, VPN, DLP).
• Familiarity with IT audit methodologies and frameworks (COBIT, ITIL).
• Proficiency in data analytics for audit testing.
• Understanding of cloud security and emerging cyber threats.

• Minimum 3 years of IT audit experience, with exposure to cybersecurity audits.
• Bachelor’s degree in Information Technology, Computer Science, or related field.
• Certifications: CISA (Certified Information Systems Auditor) preferred, CEH, CISSP or ISO 27001 Lead Auditor advantageous.

• Experience in regulatory compliance audits (SOX, ISAE 3402).
• Knowledge of cyber risk assessment and governance frameworks.
• Sound knowledge of cybersecurity frameworks and practices, with the ability to apply standards such as ISO 27001 and ethical hacking principles.
• Excellent analytical, interpersonal, communication, writing, and presentation skills.

About EY
As a global leader in assurance, tax, transaction and advisory services, we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. So that whenever you join, however long you stay, the exceptional EY experience lasts a lifetime