At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

IT Audit Manager - Cloud Security & DevSecOps (Financial Services) (1 Position)

Role Overview:
Leads audits and risk assessments of cloud environments and DevSecOps practices in financial institutions, ensuring secure and compliant adoption of cloud and automation.

Key Experience & Skills:

• 8+ years in cloud security, governance, or DevSecOps in financial services.
• Hands-on experience with AWS, Azure, or GCP security controls, IAM, encryption, and monitoring.
• Familiarity with cloud compliance frameworks (e.g., CSA CCM, ISO 27017/18, MAS TRM cloud guidelines) and standards/regulations globally and within the MENA region (KSA, UAE, Qatar)
• Experience with CI/CD pipelines, infrastructure as code (Terraform, Ansible, Puppet, Chef), policy-as-code and automated security testing.

• Implement and manage security best practices for cloud infrastructure and applications, embedding DevSecOps principles.

• Evaluate the configurations/polices for key cloud security solutions such as Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), Cloud Identity and Access Management (IAM), Cloud Access Security Brokers (CASB), Web Application Firewalls (WAF), Cloud encryption and key management services, Security Information and Event Management (SIEM),

• Evaluate the current practice followed of cloud security monitoring and incident management
• Evaluate the effectiveness of the implementation and operations of vulnerability management and patching programs, including timely identification, prioritization, and remediation of cloud vulnerabilities
• Knowledge of container security (Docker, Kubernetes), build image security, secrets management, VA/DAST/SAST and cloud-native security tools.
• Experience with developing and reviewing cloud security policies/DevSecOps procedures
• Good understanding of cloud security standards/regulations globally and within the MENA region (KSA, UAE, Qatar)
• Mentor and lead a team of DevSecOps/Cloud Security engineers, fostering their technical growth and ensuring adherence to architectural standards.
• Certifications: AWS/Azure/GCP Security, CCSP, CKA, or equivalent.

Responsibilities:

• Lead audits of cloud infrastructure, governance, and DevSecOps pipelines for compliance and security.
• Assess cloud security posture, data protection, and regulatory alignment.
• Evaluate DevSecOps practices for secure code delivery, vulnerability management, and automated controls.
• Advise on cloud risk mitigation, policy enforcement, and continuous compliance.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.