TechOps-DE-AMS-Process Auditor-Manager

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

Process Auditor / Risk Analyst

Role Summary

Conduct end-to-end process and project audits across delivery portfolios, including ODC (Offshore Development Centre) audits and InfoSec compliance checks. Assess risk exposure, perform control testing, and ensure adherence to internal standards and client contractual obligations. Drive corrective actions, maintain risk frameworks, and support governance reporting. Understanding and prior work experience in Managed Services delivery environments is mandatory.

Key Responsibilities

• Plan and execute delivery/process audits covering project lifecycle, change control, testing, release, and incident/problem management.
• Perform ODC audits focusing on physical and logical security, access controls, and compliance with client-specific requirements.
• Conduct InfoSec compliance checks aligned to ISO 27001, GDPR, and organizational security policies.
• Execute risk assessments and maintain risk registers; identify gaps and recommend mitigation strategies.
• Perform control testing for critical processes and systems; validate effectiveness of implemented controls.
• Develop and maintain audit checklists, risk frameworks, and control libraries.
• Track audit outcomes, trend analysis, and report findings to governance councils.
• Support customer audits, external certifications, and regulatory compliance initiatives.

Required Qualifications & Skills

• 10–12+ years in process audits, compliance, and risk management within TechOps or IT delivery environments.
• Strong knowledge of ISO 9001/27001, CMMI, ITIL practices; familiarity with ODC security standards.
• Exposure to Risk & Control testing tools (e.g., ServiceNow GRC, MetricStream, Archer) – good to have.
• Excellent stakeholder management and ability to write clear, actionable audit reports.

Tools & Certifications (Preferred)

• Audit tools: Excel/Sheets, Confluence, JIRA; GRC platforms (ServiceNow GRC, MetricStream).
• Certifications: ISO 27001 Lead Auditor, CISA, CIA, CMMI Associate, ITIL Foundation.

Behavioural Competencies

• Integrity & Ethics: Maintains confidentiality and demonstrates high ethical standards.
• Attention to Detail: Ability to identify gaps and inconsistencies in complex processes.
• Analytical Thinking: Strong problem-solving and risk analysis skills.
• Influencing Skills: Ability to drive corrective actions and gain stakeholder buy-in.
• Resilience: Handles pressure during audits and escalations calmly and effectively.

Success KPIs

• % audits completed vs plan; closure rate & cycle time for findings.
• Repeat finding rate (target ↓).
• Risk mitigation effectiveness (risk heatmap improvements).
• Compliance score by portfolio.

EY | Building a better working world 

 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.