What are the responsibilities and job description for the IT & Cybersecurity Audit Manager position at Eleo?
- Do you want to be part of a fast-growing Fortune 500 company?
- Do you want growth opportunities across a large group of businesses?
- Do you want a diversified role, where you cover IT Audit, Cybersecurity, Information Security and more? Look no further!
Role Summary
The IT & Cybersecurity Audit Manager is responsible for strengthening the organization’s assurance capabilities by evaluating technology-related risks and controls. This position sits within the Internal Audit team and focuses on reviewing IT systems, cybersecurity practices, and control frameworks to ensure they are effective, resilient, and aligned with business objectives.
Working closely with both technical and operational stakeholders, this role helps safeguard systems and data by identifying weaknesses, assessing risk exposure, and supporting the implementation of strong security and compliance practices. In addition to audit delivery, the position contributes to enhancing enterprise risk management and governance processes.
This opportunity is well-suited to a candidate who combines technical expertise with critical thinking, and who is motivated to influence improvements across IT security, compliance, and control environments.
Key Responsibilities
Audit Delivery & Risk Oversight
- Contribute to the execution of a comprehensive IT audit program covering general IT controls, cybersecurity controls, and related risk areas.
- Participate in organization-wide information security risk activities, ensuring risks are continuously identified, assessed, and tracked.
- Perform a range of audit engagements, including operational reviews and compliance testing (e.g., SOX), applying a risk-based methodology that prioritizes high-impact areas.
Risk Evaluation & Planning
- Support the development of enterprise-level risk assessments, including documentation such as risk and control matrices.
- Analyze business processes and technology environments to identify potential vulnerabilities and control gaps.
- Assist in shaping the annual internal audit plan, ensuring appropriate coverage of IT and cybersecurity risks in alignment with overall audit strategy.
Audit Preparation
- Organize and prioritize audit assignments based on risk exposure, business priorities, and resource considerations.
- Develop structured audit programs and procedures designed to meet defined objectives.
- Take a leading role in scoping and planning audits, including initiatives in emerging areas such as data protection and cybersecurity governance.
Fieldwork & Execution
- Collaborate with IT teams, finance personnel, and business leaders to gain insight into systems, controls, and operational processes.
- Independently assess security incidents, risk implications, and compliance requirements, offering practical recommendations for improvement.
- Evaluate the design and effectiveness of IT and cybersecurity controls across infrastructure, applications, and processes.
- Conduct detailed assessments of systems and environments to confirm their security, reliability, and alignment with business needs.
- Maintain clear, well-supported audit documentation to substantiate findings.
- Review system controls to ensure compliance with internal standards and external regulatory expectations.
Reporting, Remediation & Continuous Improvement
- Deliver clear and concise audit reports outlining identified risks, control deficiencies, and recommended actions.
- Partner with stakeholders to review and refine remediation plans and identify opportunities for operational enhancement.
- Track and monitor audit findings to ensure timely resolution, escalating issues where progress is insufficient.
- Validate corrective actions to confirm that identified weaknesses have been effectively addressed.
- Perform security assessments such as vulnerability scans and penetration testing to uncover potential threats.
- Oversee and enhance security controls designed to protect organizational systems, networks, and data assets.
- Investigate and respond to security incidents, ensuring root causes are identified and resolved.
Candidate Profile
Education & Certifications
- Degree in Information Technology, Computer Science, Information Systems, or a related technical discipline.
- Professional certifications such as CISA, CISSP, CISM, CIA, CCSP, CEH, CompTIA Security+, SSCP, or similar are required.
Experience & Skills
- Approximately 6–8 years of relevant experience in IT audit, information security, or cybersecurity roles, preferably within large organizations or consulting environments.
- Ability to manage multiple assignments and deadlines in a dynamic work environment.
- Strong problem-solving and analytical skills, with the ability to identify root causes and recommend practical solutions.
- Effective communicator with strong report writing and presentation capabilities.
- Solid understanding of IT risk management frameworks and regulatory compliance requirements.
- Experience handling and analyzing cybersecurity incidents.
- Strong interpersonal skills with the ability to engage stakeholders at different levels.
- Detail-oriented mindset with a proactive approach to identifying risks before they escalate.
- Broad technical knowledge across systems, networks, infrastructure, and data environments.
- Strong organizational and time management abilities.
- Additional language skills are advantageous.
Salary: $100,000 - $150,000