EY
Senior Consultant / Assistant Manager – Technology Risk (IT Audit, Cybersecurity, ICFR)
- Permanent
- Jeddah, Saudi Arabia
- Experience 2 - 5 yrs
- Urgent
Job expiry date: 20/02/2026
Job overview
Date posted
06/01/2026
Location
Jeddah, Saudi Arabia
Salary
SAR 20,000 - 30,000 per month
Compensation
Job description
EY Senior Consultant / Assistant Manager – Technology Risk role in Jeddah, Saudi Arabia supporting the growth of the Technology Risk service in MENA, responsible for executing and leading IT and cybersecurity projects across many industries, leading engagement delivery with minimal supervision, supporting executives in development of proposals, presentations and other business development activities, and owning delivery and quality of final reports to clients. The role requires an existing track record of successful engagement delivery in Technology Risk, with Big 4 or comparable consulting experience advantageous, and broad background across IT and cybersecurity including expertise in Risk and Governance Frameworks and IT governance frameworks such as COBIT, ITIL and NIST; ISO 27001 standards; information security principles; policy development; and risk assessment. It includes proficiency in IT Systems Audit covering planning, execution, audit methodologies, evaluation of complex IT environments, identification of control weaknesses and communication of findings. It requires comprehensive knowledge of internal controls over financial reporting (ICFR) including ITGCs, ITACs, SOX requirements, supporting financial audits with IT expertise and liaison with financial auditors. It expects understanding of application systems such as SAP, Oracle, Microsoft Dynamics and operating systems and databases, and strong understanding of Business Continuity Planning (BCP) including BCP/DRP principles, business impact analyses, recovery strategy development and plan testing, plus cybersecurity fundamentals covering common threats, vulnerabilities and contributions to cybersecurity discussions. Candidate requirements include Bachelor’s degree in Information Technology, Cybersecurity, Computer Science or related field, minimum 3 to 5 years of experience in IT audit, information security or related fields, strong knowledge of ITGC/ITAC, information security frameworks and cybersecurity best practices, and preferred professional certifications including CISA, CISSP, CISM and ISO 27001 Lead Auditor.
Required skills
Key responsibilities
- Execute and lead IT and cybersecurity projects across multiple industries as part of Technology Risk engagements
- Lead and deliver engagement delivery with very minimal supervision and manage the delivery and quality of final reports to clients
- Support executives in development of proposals, presentations and other business development activities
- Apply Risk and Governance Framework expertise including IT governance frameworks such as COBIT, ITIL and NIST, ISO 27001 standards, information security principles, policy development and risk assessment
- Plan and execute IT Systems Audit activities using audit methodologies to evaluate complex IT environments, identify control weaknesses and communicate findings
- Assess internal controls over financial reporting (ICFR) including ITGCs, ITACs and SOX requirements and support financial audits with IT expertise while liaising with financial auditors
- Evaluate application systems such as SAP, Oracle and Microsoft Dynamics along with operating systems and databases within Technology Risk engagements
- Support Business Continuity Planning (BCP) work including BCP/DRP principles, business impact analyses, recovery strategy development and plan testing
- Contribute to cybersecurity discussions by applying cybersecurity fundamentals including common threats and vulnerabilities
Experience & skills
- Hold a Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field
- Bring a minimum of 3 to 5 years of experience in IT audit, information security, or related fields
- Demonstrate track record of successful engagement delivery in Technology Risk and ability to lead and deliver engagements with very minimal supervision
- Demonstrate expertise in Risk and Governance Frameworks including IT governance frameworks such as COBIT, ITIL and NIST, ISO 27001 standards, information security principles, policy development and risk assessment
- Demonstrate proficiency in IT Systems Audit including planning, execution, audit methodologies, complex IT environment evaluation, control weakness identification and communication of findings
- Demonstrate comprehensive knowledge of internal controls over financial reporting (ICFR) including ITGCs, ITACs and SOX requirements and ability to support financial audits with IT expertise and liaise with financial auditors
- Demonstrate understanding of application systems such as SAP, Oracle and Microsoft Dynamics and operating systems and databases
- Demonstrate strong understanding of Business Continuity Planning (BCP) including BCP/DRP principles, business impact analyses, recovery strategy development and plan testing
- Demonstrate strong understanding of cybersecurity fundamentals including common threats and vulnerabilities and knowledge of cybersecurity best practices and information security frameworks
- Hold relevant professional certifications such as CISA, CISSP, CISM or ISO 27001 Lead Auditor (preferred)
