Digital Risk & Cloud IT Audit Assistant Manager / Manager – Johannesburg

About EY Consulting – Cyber Security

Our Cyber Security practice helps clients protect their technology environments, secure digital transformation journeys, and strengthen cyber resilience. We work across Financial Services, Telecommunications, Government, Energy, Retail, Mining and Metals, and other sectors, delivering advisory, assurance, and implementation services across cloud, infrastructure, applications, identity, and emerging technologies.

You will be part of a high‑performing Cyber Security practice that leverages EY’s global cloud accelerators, security‑first methodologies, and deep sector knowledge to help clients build secure, compliant, and scalable cloud environments.

The Opportunity

The role provides the chance to lead and deliver Cloud Security assessments, architecture reviews, cloud control implementations, and cloud‑focused cyber transformation initiatives. You will work within multidisciplinary teams and gain exposure to EY’s global cloud frameworks and cloud risk standards.

Our structured career framework ensures continuous development, global exposure, and opportunities to grow into senior leadership roles.

Key Responsibilities

Cloud Security Delivery & Technical Leadership

• Lead and deliver Cloud Security assessments using EY’s proprietary cloud security frameworks and industry standards (CSA CCM, NIST 800‑53, CIS Benchmarks, ISO 27001, CSP-native security frameworks).

• Perform CSPM (Cloud Security Posture Management) reviews, identifying misconfigurations, compliance gaps, and risks across Azure, AWS, and Google Cloud.

• Conduct architecture and design reviews, ensuring cloud solutions follow secure-by-design principles and align to EY Cloud Architecture & Landing Zone frameworks.

• Support clients in implementing cloud risk and security controls, including IAM, network security, data protection, logging & monitoring, DevSecOps, and encryption.

Cloud Transformation & Advisory

• Guide clients on multi‑cloud security strategies, migration security, and operational governance.

• Provide assurance over cloud transformations, using EY methodologies for program assurance and cloud governance.

• Support clients in establishing Cloud Operating Models, policies, and standards aligned with regulatory and industry requirements.

Risk, Compliance & IT Audit Support

• Lead cloud-related IT risk assessments and integrate cloud controls into financial audit IT general controls and program assurance work.

• Evaluate cloud security control compliance against frameworks (CSA CCM, CoBiT, ISO 27001, CIS Foundations).

Client Engagement & Stakeholder Management

• Present findings and recommendations to senior client stakeholders, translating technical concepts into business value.

• Manage junior staff, review deliverables, and ensure high‑quality outputs.

Practice Development & Thought Leadership

• Contribute to proposals, cloud cyber service offerings, methodologies, and accelerators.

• Act as a subject matter specialist in Cloud Security within the Cyber practice.

Skills and Attributes for Success

• Strong understanding of cloud platforms (Azure, AWS, GCP) and their native security services.

• Deep knowledge of cloud security architecture, cloud IAM, network segmentation, logging and monitoring, key management, encryption, and DevSecOps pipelines.

• Experience in CSPM, CIEM, CWPP, or Cloud Security Best Practices.

• Strong grounding in IT governance, IT risk, and general cybersecurity frameworks (ISO 27001, NIST, CIS Benchmarks).

• Excellent communication, stakeholder management, and report‑writing abilities.

• Logical thinker, problem solver, and confident in leading engagements and teams.

• Experience in project management across multiple engagements.

• Business development experience is advantageous.

To Qualify for the Role, You Must Have

Education:

• Bachelor’s degree in Information Systems, Computer Science, Engineering, or related fields.

• Business / Audit background advantageous.

Experience:

• Assistant Manager: Minimum 3 to 5 years of experience in Cyber Security with at least 2 years in Cloud Security.

• Manager: 5 to 8 years of experience with deeper leadership in cloud engagements.

• Hands-on experience with Azure, AWS, or GCP cloud security tooling.

• Exposure to management consulting, cloud security architecture, CSPM / CIEM tools, and program assurance.

Certifications (Highly advantageous):

Cloud Security:

• CCSP, CCSK, Azure Security Engineer Associate, AWS Security Specialty, GCP Professional Cloud Security Engineer.

Cyber & IT Audit:

• CISSP, CISM, CISA, ISO 27001 Lead Implementer / Auditor.

Cloud & Project Delivery:

• Azure / AWS / GCP certifications, PMP, PRINCE2, COBIT, ITIL.

Why EY?

You will join a global cloud security community, leveraging EY’s cloud accelerators such as:

• EY Cloud Risk & Security Frameworks

• Cloud Landing Zones and repeatable deployment patterns

• DevSecOps accelerators and AI‑enabled tooling

• EY Wavespa