Your key responsibilities will include:
- Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes.
- Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels.
- Use knowledge of the current IT environment, AI models and applications and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business.
- Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge.
Skills and attributes for success
You will leverage your proven track record of technology plus business process internal audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of AI Risk solutions
To qualify for the role, you must have
- A bachelor’s or master’s degree and approximately 3-6 years of related work experience
- At least 2-4 years of experience in Internal audit, risk, compliance for both business and IT audits
- IT Pre-implementation and Post implementation reviews.
- Model Risk Management
- AI Compliance and regulatory assessments – Risk and Controls assessment of AI/ML applications in line with AI related regulations and frameworks
- Risk Assessment – Assessment of internal processes to identify security findings, vulnerabilities, and control gaps/deviations identified on applications and infrastructure. Develop risk control matrix in line with COBIT, ISO, NIST and ITIL Best Practice and recommendations.
- Control Monitoring / Testing - Understanding of Cyber and compliance standards like PCI, ISO27001, perform test the design and operational effectiveness of the cyber controls.
- Defect / Gap Identification: Identify the confidentiality, integrity and the availability related deficiencies in the client environment and evaluate against industry standards.
- IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc.
- Control Automation – Identify controls automation opportunities through analytics platform to monitor the operational effectiveness on the regular basis.
- Excellent communication, documentation and report writing skills.
- Functional understanding of foundation models (LLMs) and associated risks. Awareness of the AI deployment lifecycle
- Knowledge of Responsible AI principles, AI Ethics and AI Assurance
- Ability to identify process level risk arising from the use of AI and develop mitigation strategies.
- Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant)
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.