Senior Associate, IT Auditor, Financial Services Assurance

At EY, we’re not just embracing change—we’re driving it. Through our core services in Assurance, Consulting, Strategy & Transactions, and Tax, we help clients unlock transformative growth. Join a global team where your ideas matter, your voice is heard, and your impact is real.

The Role

Technology is transforming financial services—and with it comes intensifying regulatory scrutiny. At EY, our Technology Risk team helps banks, insurers, asset managers and payment institutions prove that their technology and cyber controls meet the standards MAS expects.

As an IT Auditor (Senior Associate) in our Technology Risk team, you’ll lead and execute regulatory and attestation-based technology audits—against the MAS TRM Guidelines, MAS Notices, SOC 1 / SOC 2 and ISO 27001—across a portfolio of regulated clients, with the support of experienced managers and a clear path toward leading your own engagements.

What You’ll Do

• Audit against MAS expectations – assess clients’ technology and cyber risk practices against the MAS Technology Risk Management (TRM) Guidelines and relevant Notices (e.g. MAS Notice 655 / Cyber Hygiene), identify gaps, and judge what regulators will care about
• Deliver engagements – plan and run IT reviews, scoping the right controls and assessing both design adequacy and design effectiveness
• Tackle the risks that matter – review AI, cloud, third-party / outsourcing, cyber resilience, data governance, and business continuity / disaster recovery risks as they apply to each client
• Tell the story – write clear, well-evidenced findings and practical recommendations, and walk senior client stakeholders through with confidence
• Own your engagements – manage scope, budget and timeline on your audits, and coach the associates working alongside you
• Stay current – keep up with regulatory developments, emerging technology and the risks they create for our clients

• 3–6 years in technology audit, IT risk, or technology assurance – gained in a professional services firm, or in the internal audit / second-line technology risk function of a bank, insurer, asset manager or regulated company
• Hands-on experience delivering regulatory or framework-based technology audits – such as MAS TRM reviews, SOC 1 / SOC 2 attestations, or ISO 27001 assessments—planned and executed, not just reviewed
• Working knowledge of the MAS TRM Guidelines and related Notices – or demonstrable experience auditing a MAS-regulated entity; this is the core of the role
• A degree in a relevant field – Information Systems, Computer Science, Accounting & IT, Engineering, Cybersecurity, or equivalent practical experience
• Clear written and verbal communication – you can turn technical findings into something a business audience understands

Your Credentials (Nice to Have)

• CISA – the benchmark IT-audit credential; CRISC or CISM are also highly valued—we sponsor and support certification
• Recognised frameworks – exposure to NIST CSF, COBIT or ITIL
• Cloud platforms – familiarity with AWS, Azure or GCP, and how they change the control environment
• Data & analytics – using tools such as SQL, Python, Alteryx or Power BI to sharpen audit testing
• Multi-sector exposure – audit experience across various financial sectors (e.g. both banking and insurance)

• Real specialism, real depth – a portfolio of MAS-regulated clients across banking, insurance, asset management and payments—breadth that is hard to get in-house
• A clear path to Manager – structured development and increasing ownership of your own engagements
• Certification support – study leave, exam sponsorship and exam-fee coverage for CISA and related qualifications
• Hybrid working – typically three days in the office and two days remote each week

Thinking about a career pivot? If you have hands-on experience with technology controls in a MAS-regulated environment, we’d like to hear from you—even if your title hasn’t been “auditor.”