The primary function of the Information Security Audit Manager is to assist in planning and performing IT-related audit procedures. The role requires applying IT-related data analytics and security controls knowledge to deliver high quality engagements, addressing financial, operational and compliance risks and
Your key responsibilities
- Liaise with internal auditors, external auditors, vendors and outside consultants as necessary for independent security audits
- Interact with control owners to understand and document the ITGC and other security controls in place for key infrastructure and applications
- Document security controls based on the information provided by control owners
- Understand the data flows between systems and advise the business on appropriate IT controls to implement
- Collect and monitor progress of auditor’s evidence collection
- Work with stakeholders to document corrective actions, assess risk, track remediation and report progress
- Identify risks and escalate potential project issues to management as required
- Monitor remediation activities and assist teams with addressing security findings
Skills and attributes for success
- Experience in IT and application audits
- Working knowledge of common control frameworks like COBIT
- Strong English language skills are required – written and verbal
- Good time management, interpersonal, communication, organizational, and decision-making skills
- Fluency in MS Office (Word, Excel, PowerPoint)
To qualify for the role, you should have:
- At least 5 years of work experience applying relevant IT audit skills in audit engagements
- At least 3 years of experience in a supervisory/managerial capacity leading IT audit
- At least 3 years of experience as the supervisory senior/manager responsible for all of the following:
  - Supervising audit professionals performing IT general controls
  - Audit quality inspection processes, including internal and/or external inspection processes.
- Maintain awareness of the current security threat landscape and information security frameworks (ISO27001, SOC 1 and SOC 2)
- Thirst for knowledge and desire to develop your career
- Ability to team well with others to facilitate, schedule, and coordinate required audit activities
- CISA, CIA, CISSP or CISM certification is a plus
- Ability to speak in Mandarin will be a plus
What we offer
- Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
- Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.