EY Technology Risk Senior 

Luxembourg 

854026879

• Contribute to financial statement audit support by evaluating clients’ IT control environments and developing solutions.
• Act as a stream leader on business consultancy engagements in cybersecurity, IT risk management, and business continuity.
• Analyse client IT environments, identify risks, and evaluate controls.
• Conduct application system analysis of Segregation of Duties (SoD) and Sensitive Access to assess potential conflicts in financial reporting.
• Design and implement IT audits, including systems development, conversion, and application control reviews.
• Perform in-depth control assessments, document test requirements, and suggest remediation alternatives.
• Facilitate the use of technology-based tools and methodologies to review, design, and implement products and services.

• Master’s degree or equivalent certification in Computer Science, Information Systems, Engineering, or a related field.
• Minimum 2 years of experience as an IT Auditor (internal or external), or 3 years as an IT Consultant.
• Sound knowledge of IT frameworks and standards such as ITIL, COBIT, ISO 27001, ISO 22301, CMMI.
• Familiarity with data protection and governance regulations (e.g., EU GDPR, DORA, NIS2).
• CISA certification or willingness to obtain it within one year of hire.
• Experience in IT Risk Management and internal control.
• Hands-on experience with operating systems, DBMS, or network administration.
• Fluent in French and English; additional languages are considered an asset.
• Highly organized, flexible, and quick to learn in new situations.
• Proactive in problem-solving with a strong client and team focus.
• Committed to sharing knowledge and improving client processes.

Ideally, you’ll also have:

• Experience in one or more of the following: financial audits, internal/operational audits, ISMS implementation/audit, business continuity management, ERP security and control reviews (Oracle, SAP, MS Dynamics).
• Experience auditing general computer controls and IT control testing of applications, operating systems, and databases.
• Prior experience in project planning and management.
• Additional certifications such as CISM, CGEIT, CRISC, ITIL, CISSP, CIA, ISO 27001/22301 Lead Auditor or Implementer, Prince2, or PMP.

Our offer of employment is contingent upon the successful completion of a background check and pre-screening requirements. The candidate acknowledges that all information provided must be accurate.