Associate 2 - IT Audit
  • South Africa Johannesburg
  • EY
1 year before
31.12.2023
Securely Provision
Risk Management
Job Description

Technology Consulting, IT Audit Associate, Johannesburg


Our independent position and assessment capabilities provide clients with a candid and reliable overview of their risk landscape and the controls in place. As a risk assurance professional, you will be leading assessments and certification services that will directly support C-suite discussions and important business decisions regarding compliance, cost and quality of our clients’ risk management programs. You will be part of an international network of professionals across geographies and sectors, delivering assessment and certification services that will help verify compliance and improve the performance of our clients.


The opportunity


Our structured career framework means you’ll continue to develop, whatever level you’re at. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.


Your Key Responsibilities


Our IT Risk & Assurance services are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance. In addition to assurance-related engagements such as financial attestation and ISAE 3402 engagements, our IT risk advisory services focus on IT governance and effectiveness; IT program management and assurance; security and controls of Enterprise Resource Planning (ERP) implementations; and business intelligence and information analysis. We are currently offering positions in the following areas:


Application Risk & Controls practice
Information Management and Analysis Services practice
Financial Services Technology Risk and IT Regulatory Services


In your role as a Risk Assurance Associate, you’ll:


Effectively manage and motivate client engagement teams with diverse skills and backgrounds.
Consistently deliver quality client services and manage expectations of client service delivery.
Drive high-quality work products within expected timeframes and on budget.
Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes.
Stay abreast of current business and industry trends relevant to the client's business.
Develop and maintain long-term relationships and networks with clients and internal EY stakeholders - Demonstrate deep technical capabilities and professional knowledge.
Possess in depth business acumen and demonstrate ability to quickly assimilate to new knowledge. - Remain current on new developments in advisory services capabilities and industry knowledge.


Skills And Attributes For Success


Identifying the key levers that impact solvency ratios and return on equity to optimize our clients’ capital position
Modeling, documenting and preparing application files
Validating estimate models
Providing audit support for Solvency II and statutory reporting, including sample tests on Life Technical Provisions, IAS 19 and Pension funds
Acting as an actuarial professional, providing guidance on a wide range of areas, such as life and general insurance, investment, corporate finance, risk management and pensions
Further developing your team by coaching and mentoring a junior colleague


To qualify for the role, you must have:


A recognized university degree in accounting, business, information technology, engineering, mathematics or other relevant discipline


At least 2 years of relevant consulting or industry experience, preferably in a professional services environment or MNC.


Candidates who possess professional certifications such as Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) and / or Certified Fraud Examiner (CFE) are highly encouraged to apply.
Proficiency with Microsoft Excel, Access, Word, and PowerPoint
Strong analytical, interpersonal, communication, writing and presentation skills
Demonstrates integrity, values, principles, and work ethic
Willingness to travel on overseas assignment as the need arises


Ideally, you’ll also have


Application Risk & Controls


This practice focuses on enterprise IT application assessment, Governance, Risk and Compliance (GRC) technology assessment, IT Application and Tool Implementation. We deliver valuable insights and enable better business decisions through improved quality of information.


What We Look For


More than anything, we’re interested in people with the right attitude for the job! That’s naturally entrepreneurial people that feed on the energy of a thriving global team. You’ll need a balance of technical and analytical skills, a creative approach to work and strong communication skills. Put simply, if you’ve got big ideas on how we can do better, as well as the confidence to voice them, this role is for you.


What Working At EY Offers


We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working, career development and with FlexEY you can select benefits, which suit your needs, covering holidays, health and well-being, insurances, savings and a wide range of discounts, offers and promotions. Plus, we offer:


A position in a business that truly recognizes the importance of strong risk capabilities
Opportunities to develop your skills in a wide range of areas, supported by regular feedback from senior-level colleagues
Plenty of chances to build lasting professional relationships both internally and externally
A culture that recognizes success and rewards excellence


About EY


As a global leader in assurance, tax, transaction and advisory services, we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. So that whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.


Quick response

Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats an`d vulnerabilities.
  • K0019   Knowledge of cryptography and cryptographic key management concepts
  • K0027   Knowledge of organization's enterprise information security architecture.
  • K0028   Knowledge of organization's evaluation and validation requirements.
  • K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0049   Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0084   Knowledge of structured analysis principles and methods.
  • K0146   Knowledge of the organization's core business/mission processes.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0199   Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]).
  • K0295   Knowledge of confidentiality, integrity, and availability principles.
  • K0007   Knowledge of authentication, authorization, and access control methods.
  • K0100   Knowledge of the enterprise information technology (IT) architecture.

Required Skills
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0038   Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
  • S0110   Skill in identifying Test & Evaluation infrastructure (people, ranges, tools, instrumentation) requirements.
  • S0115   Skill in preparing Test & Evaluation reports.
  • S0134   Skill in conducting reviews of systems.
  • S0141   Skill in assessing security systems designs.
  • S0147   Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).

Required Abilities
  • A0014  Ability to communicate effectively when writing.
  • A0018  Ability to prepare and present briefings.
  • A0019  Ability to produce technical documentation.
  • A0023  Ability to design valid and reliable assessments.