IT Audit Associate 3

Our national practice assists clients in providing IT audit services in support of our financial audits. We also provide IT governance and IT risk related services to a variety of clients and particularly in the Financial Services Oil & Gas Retail and government sectors.

Our structured career framework means you'll continue to develop whatever level you're at. Wherever you join however long you stay the exceptional EY experience lasts a lifetime.

• Cybersecurity Audits
  • Plan and execute audits of IT systems, networks and applications to identify vulnerabilities and compliance gaps.
  • Review cybersecurity frameworks (e.g. NIST CSF ISO 27001) and assess adherence.
  • Conduct penetration testing and vulnerability assessments where applicable.
• IT General Controls (ITGC)
  • Evaluate user access management, authentication and privilege controls.
  • Review change management, backup and disaster recovery processes.
• Risk Assessment & Compliance
  • Perform risk-based audits aligned with regulatory requirements (e.g. DORA NIS2 PCI DSS).
  • Prepare audit reports with actionable recommendations for remediation.
• Incident Response & Governance
  • Participate in cyber incident simulations and wargaming exercises.
  • Advise on IT governance, cyber risk management and business continuity planning.
• Stakeholder Engagement
  • Collaborate with IT security and business teams to implement audit findings.
  • Communicate technical risks in clear, business‑friendly language.

• Strong analytical and problem‑solving skills.
• Ability to work independently and manage multiple audits simultaneously.
• Excellent communication and report‑writing skills.
• High ethical standards and attention to detail.

• Knowledge of cybersecurity tools and technologies (Firewalls IDS/IPS VPN DLP).
• Familiarity with IT audit methodologies and frameworks (COBIT ITIL).
• Proficiency in data analytics for audit testing.
• Understanding of cloud security and emerging cyber threats.

• Minimum 3 years of IT audit experience with exposure to cybersecurity audits.
• Bachelor’s degree in Information Technology, Computer Science or related field.
• Certifications: CISA (Certified Information Systems Auditor) preferred, CEH, CISSP or ISO 27001 Lead Auditor advantageous.

• Experience in regulatory compliance audits (SOX ISAE 3402).
• Knowledge of cyber risk assessment and governance frameworks.
• Strong IT audit experience including SOX compliance.
• Sound knowledge of cybersecurity frameworks and practices with the ability to apply standards such as ISO 27001 and ethical hacking principles.
• Excellent analytical, interpersonal, communication, writing and presentation skills.

As a global leader in assurance, tax, transaction and advisory services we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training opportunities and creative freedom to make things better. So that whenever you join however long you stay the exceptional EY experience lasts a lifetime.