An opportunity to join a leading financial services organisation within Internal Audit, focusing on Cloud and Cyber Security. This role provides independent assurance to executive management and the Board on the effectiveness of governance, risk management and controls across cloud-enabled environments. You will work closely with technology, security and audit colleagues to deliver high- quality, insightful audits and pragmatic recommendations.
This role requires strong, hands‑on experience auditing and assuring cloud environments, particularly across AWS and Azure.
Key responsibilities
- Support the planning, development and delivery of Cyber and Cloud Security audits in line with internal audit standards
- Perform risk assessments to identify key cyber and technology risks impacting cloud, hybrid and on‑premise environments
- Evaluate the design and effectiveness of controls across security architecture, cloud configuration and cyber resilience
- Execute assurance testing and produce clear, evidence‑based audit observations
- Communicate findings, risks and recommendations to audit owners, senior managers and directors
- Track and support issue remediation to ensure effective risk reduction
- Monitor regulatory developments and industry trends to inform audit focus and best practice
What you’ll bring
- Experience in risk and control assessment within audit, assurance or control testing functions, with a focus on Cyber Security
- Strong expertise in major cloud platforms, including AWS and Azure, covering misconfigurations, insecure storage, serverless risks, container security (Kubernetes/Docker) and identity controls
- Experience developing and executing assurance testing across cloud security domains such as data protection and cryptography, network security, vulnerability management, incident response, threat management, IAM, cyber resilience and data leakage prevention
- Understanding of IT architecture across traditional enterprise, cloud and hybrid technology landscapes
- Knowledge of emerging technology, cyber security and cyber resilience risks
- Working knowledge of recognised security frameworks and standards such as NIST, CIS and ISO
- Awareness of the regulatory environment impacting financial services and technology risk
- Relevant professional certifications or qualifications such as CISA, CISM, CISSP or a related technical or graduate qualification
- Background within the financial services sector
- Familiarity with the Cyber Kill Chain, MITRE ATT&CK and threat modelling approaches
- Experience delivering or auditing technology change programmes, including agile and waterfall methodologies
- Exposure to data analysis tools used to support audit and assurance activities, such as SQL or Python
This role suits a technology‑focused auditor with deep cloud security knowledge who is confident engaging senior stakeholders and contributing to strategic risk insight within a complex, regulated environment.
#J-18808-Ljbffr