Digital Risk IT Audit Manager - Johannesburg

Digital Risk IT Audit Manager – Johannesburg

About EY – Internal IT Audit (Digital Risk)

Our Digital Risk (Internal IT Audit) practice provides independent, risk-based IT assurance services to support internal audit functions and strengthen control environments across organisations.

We focus on evaluating IT General Controls (ITGCs), governance frameworks, regulatory compliance, and risk management practices across complex IT environments, including on-premise and cloud-based systems.

You will be part of a high-performing team delivering internal IT audit engagements, helping clients enhance control effectiveness, manage risk, and meet regulatory requirements across various industries, including Financial Services, Telecommunications, Government, and Energy.

The Opportunity

As an IT Audit Manager, you will lead internal IT audit engagements from planning through to reporting, ensuring high-quality delivery and strong stakeholder engagement.

You will manage teams, review deliverables, and provide valuable insights to improve clients’ control environments, while contributing to the growth of the Digital Risk practice.

Key Responsibilities

Internal IT Audit Delivery & Leadership

• Lead and manage internal IT audit engagements end-to-end (planning, execution, and reporting).
• Ensure audits are delivered in line with EY methodologies and Internal Audit standards.
• Review audit workpapers to ensure accuracy, completeness, and audit readiness.
• Drive audit quality and ensure deadlines are met across multiple engagements

IT General Controls (ITGC)

• Oversee and review ITGC assessments, including:
• User access management
• Change management
• IT operations (backups, job monitoring, incident management)
• Evaluate control design and operating effectiveness across systems and platforms.
• Identify control deficiencies and ensure practical, risk-based remediation recommendations.

Risk, Compliance & Audit Assurance

• Lead risk-based IT audits aligned with frameworks such as:
• SOX
• King IV
• ISAE 3402
• Participate in audit planning, including risk assessments and scoping.
• Oversee the development of audit findings, risk ratings, and reports.
• Ensure all audit outputs are clear, well-supported, and aligned with audit standards.

IT Governance & Control Environment

• Evaluate IT governance structures, policies, and procedures.
• Assess alignment to frameworks such as COBIT and ITIL.
• Review business continuity and disaster recovery controls.
• Provide recommendations to enhance governance and control effectiveness.

Technology Risk (Including Cloud Exposure)

• Assess IT risks within cloud and hybrid environments as part of audit engagements.
• Evaluate cloud control environments within the context of ITGCs and governance.
• Perform control assurance over cloud-based systems, rather than implementation.

Stakeholder Engagement

• Act as the primary point of contact for clients on IT audit matters.
• Present audit findings, risks, and recommendations to senior stakeholders.
• Build and maintain strong, trusted client relationships.

Team Leadership & Development

• Manage and mentor junior team members and Seniors.
• Review team outputs and provide ongoing coaching and feedback.
• Foster a high-performance, collaborative team environment.
• Support resource planning across engagements.

Practice Development

• Contribute to proposals, methodology improvements, and internal initiatives.
• Support the growth of the Internal IT Audit (Digital Risk) capability.
• Participate in knowledge sharing and thought leadership activities.

Skills and Attributes for Success

• Strong audit mindset with attention to detail and quality.
• Ability to assess risk and apply professional scepticism.
• Strong leadership and team management capability.
• Effective stakeholder engagement and communication skills.
• Ability to manage multiple engagements and competing priorities.

Technical Skills

• Strong experience in IT audit and ITGCs (access, change, operations).
• Solid understanding of internal audit methodologies and standards.
• Knowledge of control frameworks (COBIT, ITIL).
• Experience evaluating control design and effectiveness.
• Exposure to data analytics in audit is advantageous.

To Qualify for the Role, You Must Have

Education

• Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field.

Experience

• 5–8 years’ experience in:
• Internal IT Audit
• IT Risk / IT Assurance
• Experience managing audit engagements and reviewing deliverables.
• Experience in regulated industries (especially Financial Services) is advantageous.

Certifications (Preferred)

• CISA (strongly preferred)
• CISSP / CISM (advantageous, not core)
• COBIT / ITIL certifications

Why EY?

At EY, we develop exceptional talent through structured career growth, global exposure, and continuous learning. You will gain experience across diverse industries while building deep expertise in internal IT audit, risk, and governance, positioning you for senior leadership roles.

Key Fixes Made (so you can see the shift clearly)

• Repositioned from Cyber Security → Internal IT Audit (Digital Risk)
• Removed implementation-heavy / engineering language
• Strengthened:
• Audit lifecycle
• ITGC focus
• Risk & compliance
• Governance
• Kept cloud as part of audit scope, not the main role