Technology Risk Assurance Managers job at EY

About the Organization

In 2019, we formalized our long-term value approach in the EY NextWave strategy and as a result, we’ve achieved 9.5% compound annual growth (FY 2019–2023) and reached nearly US$50 billion in revenue in FY23, a 14.2% increase in local currency. Long-term value creation is now part of our DNA, and I am proud of the progress it has enabled for EY, highlighted in this EY Value Realized 2023 report.

Job Description

A Technology Risk Assurance Specialist focuses on identifying, assessing, managing, and mitigating risks associated with an organization's technology systems. Their duties revolve around ensuring that IT systems are secure, compliant, and effective in supporting business operations.

Duties and Responsibilities

Risk Assessment:

  • Conduct thorough assessments of technology risks across various systems and processes.

  • Identify potential vulnerabilities and threats to IT infrastructure and data.

Risk Management:

  • Develop and implement risk management strategies and plans.

  • Monitor and track identified risks, ensuring that mitigation measures are effective.


  • Ensure IT systems comply with relevant regulations, standards, and policies (e.g., GDPR, HIPAA, ISO 27001).

  • Stay updated on changes in technology regulations and standards to ensure ongoing compliance.

Audit Support:

  • Support internal and external IT audits by providing necessary documentation and explanations.

  • Implement audit recommendations and track their progress.

Policy Development:

  • Develop and enforce IT risk management policies and procedures.

  • Ensure policies are communicated effectively to all relevant stakeholders.

Security Controls:

  • Design and implement security controls to protect IT systems and data.

  • Regularly test and evaluate the effectiveness of these controls.

Incident Management:

  • Respond to security incidents and breaches, conducting root cause analysis and implementing corrective actions.

  • Develop and maintain an incident response plan.

Training and Awareness:

  • Conduct training sessions and workshops to raise awareness of IT risks and promote best practices among employees.

  • Develop educational materials and resources to support risk awareness initiatives.

Risk Reporting:

  • Prepare detailed reports on technology risks, highlighting key findings, trends, and recommendations.

  • Present risk assessments and reports to senior management and stakeholders.

Vendor Risk Management:

  • Assess and manage risks associated with third-party vendors and service providers.

  • Ensure vendors comply with the organization's security and risk management standards.

Continuous Improvement:

  • Continuously monitor and review IT risk management practices to identify areas for improvement.

  • Stay informed about emerging technology risks and industry best practices.


  • Work closely with IT, security, and business teams to integrate risk management practices into all technology projects and operations.

  • Foster a culture of risk awareness and proactive risk management throughout the organization.

Business Continuity Planning:

  • Contribute to the development and maintenance of business continuity and disaster recovery plans.

  • Ensure IT systems and processes are resilient and can recover quickly from disruptions.

Technical Assessments:

  • Conduct technical assessments such as penetration testing, vulnerability assessments, and security audits.

  • Analyze assessment results and provide actionable recommendations for improvement.

Data Privacy:

  • Ensure that data privacy measures are in place and comply with relevant regulations.

  • Conduct regular privacy impact assessments and implement data protection measures.

Qualification, Experiences and Competencies

  • Bachelor's degree in IT, Computer Science, Engineering, Telecommunications

  • Full certifications: CISA, CISSP, CISM, ISO27001


  • At least 5 years of experience

  • Experience in managing Technology Risk Assurance engagements.

Competences and experience required:

  • Deep hands-on experience in IT Risk Assurance, e.g., SCX/ICFR/IFC/SSAE, IT Financial Audit and Business Automated Controls, or any other regulatory/compliance audits in a similar role

  • Thorough knowledge of IT Security aspects in areas like Cloud Computing, Cyber Risks, Network Security, database management systems, SDLC, IT general controls (ITG), COBIT, COSO 2013.

  • Significant experience leading, planning, executing, and concluding Technology Risk Assurance engagements

  • Excellent project management skills.

  • Excellent negotiation skills

  • Collaborative approach to management.

  • Knowledge of quality and risk management

  • Experience in business development including proposal preparation and presentation

How to Apply

Are you interested? Click the "APPLY" button below to submit your application.
