NFS Technology Risk Staff - Generic

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

Job Title: Non FS Technology Risk - Staff (IT Audit) 

Skills and attributes for success 
You will leverage your proven track record of IT Audit experience and strong personal skills, to 
effectively deliver quality results in the assessment, design, and support implementation of controls, 
security and IT risk solutions.  

To qualify for the role, you must have 
• A bachelor’s or master’s degree and approximately 2-3 years of related work experience 
• At least 1-2 years of experience in IT Risk and Compliance 
▪ Design IT Risk Controls framework such as IT SOX framework 
▪ Implementation and Testing of internal controls such as IT general controls, IT 
application controls, business controls, interface controls etc.  
▪ Identify control gaps, weaknesses and areas of improvements. 
▪ Conducting IT internal control reviews, and review of SOC1 or SOC2 reports 
• Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, 
ISO, NIST etc. 
• IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of 
any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies 
such as Cloud, RPA, AI/ML 
• IT Infrastructure and Architecture risk assessments including data quality and data migration 
reviews, data privacy reviews, OS DB reviews etc.  
• Strong exposure working in client facing roles, collaborate with cross functional teams 
including internal audits, IT security and business stakeholders to assess control effectiveness 
and facilitate remediation activities. 
• Excellent communication, documentation and report writing skills. 
• Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 
27001, and others (as relevant) 

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.