Manager, Risk Consulting (IT Audit)

Role Overview:

The IT Audit Manager for Cybersecurity, Vulnerability Assessment and Penetration Testing is a senior individual contributor and team lead responsible for driving a risk-based technology audit programme. The role provides independent assurance over our client’s cybersecurity posture, information security controls, vulnerability management lifecycle, and compliance with ISO/IEC 27001:2022 and applicable regulatory frameworks.

Key Responsibilities:

• Develop and execute a risk-based annual IT Audit Plan covering cybersecurity domains, emerging threats, and regulatory requirements.
• Lead end-to-end audit engagements from planning through to reporting, including scoping, fieldwork, evidence collection, and remediation tracking.
• Perform technical reviews of security architectures, network configurations, access controls, cloud environments, and third-party integrations.
• Assess the organisation's cybersecurity programme against frameworks such as NIST CSF, CIS Controls, and ISO/IEC 27001.
• Plan, execute and oversee VAPT engagements covering network infrastructure, web applications, mobile applications, and cloud environments.

Requirements:

• Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, Information Systems, or a related field.
• Possess related professional certifications such as CISA, CEH, OSCP, CISM, CISSP, etc.
• Minimum of 6 years of progressive experience in IT audit, cybersecurity, or information security assurance, including at least 3 years in a supervisory or managerial role leading IT audit or security teams.
• Demonstrated hands-on experience in conducting or overseeing VAPT engagements (network, web application, and cloud).
• Experience in financial services, banking, telecommunications, or regulated industries is preferred.
• Proficiency with penetration testing tools such as Metasploit, Nmap, Burp Suite, Nessus, Qualys, OpenVAS, Nikto, OWASP ZAP.