Technology Risk Internal Audit Cloud Associate Director

• Take ownership and lead on allocated assignments and client accounts
• Be responsible for overseeing the delivery of a number of technology internal audit / technology risk engagements and manage portfolio of technology audit / technology risk engagement and relationships with clients
• Support and lead business development activities, winning new clients and upselling services to existing clients
• Lead on planning conversations with clients, and in the preparation of draft terms of reference/audit planning documents
• Providing subject matter expert input into technology audit / technology risk engagements and overseeing fieldwork performed by more junior team members
• Oversee, and review the work of, junior members of the team, supporting development and ensuring quality in the work performed
• Hold close-out meetings with clients to ensure that they have a full understanding of issues identified and these are agreed, and write reports summarising the key observations from the work performed
• Presenting reports and findings at Audit Committees and other senior management committees
• Support in the development of new technology audit / technology risk service lines and initiatives within BRS, with a focus (but not exclusively) on Cloud assurance
• Assist with the financial management of client relationships, including monitoring WIP, raising invoices, ensuring an adequate margin is achieved on engagements, and preparing budgets
• Leading on the developing annual audit plans

• Professional qualification (CISA, CCAK, CCSK, CCSP etc.) with post qualification experience
• Confident managing a large portfolio of internal audit and Technology Risk clients
• Experience of scoping and delivering technology internal audits and Technology Risk engagements (ie first / second line assurance activities), and developing reports and presenting conclusions to relevant senior stakeholders
• Experience of managing internal audits of large companies in addition to dealing with complex technical matters, in particular areas related to the configuration, resilience, and security of Cloud platforms and solutions (inc IaaS, PaaS, and SaaS)
• Strong experience of a range of cloud governance, technical configuration, and cloud specific topics such as security, data protection/privacy, availability, resilience, disaster recovery, performance, cost management, third-party management, and change management
• Experience of auditing public (such as AWS, Azure and Google Cloud) and/or private (such as VMWare) cloud platforms
• Knowledge and familiarity with the Cloud Security Alliance Cloud Controls Matrix, cloud vendor Well Architected frameworks and Agile methodologies
• Ideally a good track record of performing IT audits over DevSecOps / CICD pipelines, including release management, source code management, testing, security, use of tools and automation
• Experience of delivering a technology audit / technology risk covering a broad range of areas, including cyber and network security, IT resilience, IT transformations, IT strategies, data protection, supplier management, and other
• Extensive experience of using audit software and Microsoft packages
• Experience of building extensive and active networks which across geographical regions and client organisations
• Proactive rather than reactive in your approach and personal goals are congruent with those of the firm

Good track record of performing IT audits over DevSecOps / CICD pipelines, including release management, source code management, testing, security, use of tools and automation

• Flexible working
• Reduced hours and job shares considered
• Support to balance work and life
• Inclusive culture
• Real opportunity
• Work life balance
• Freedom to bring your whole self to work
• Pursue your passions inside and outside of work
• Secondments
• Fundraising for local charities
• Investing in entrepreneurs in the developing world