Cyber Security Audit Manager

Join a high-performing Internal Audit team at the forefront of technology and innovation within financial services. This is an opportunity to shape how Cyber and Technology risk is assessed and challenged in one of the most dynamic and highly regulated industries in the world.

As a Cyber Audit Manager, you'll collaborate with senior stakeholders across Technology, Risk and Security to deliver independent, forward-looking assurance over the firm's Cyber Security and Resilience framework. You'll have visibility with senior management and the Audit Committee, helping to protect the organisation against an evolving and sophisticated threat landscape.

You'll be involved in all aspects of the audit lifecycle – from risk assessment and planning, through fieldwork and reporting – across a wide range of cyber domains and emerging technologies. This is an environment that values curiosity, technical depth and a continuous learning mindset.

Key responsibilities

• Lead and deliver high-quality Cyber Security audits, providing clear, practical insights and recommendations
• Assess the design and effectiveness of controls across areas such as network security, identity and access management, vulnerability management, data security, incident response and cyber resilience
• Stay ahead of emerging technology and regulatory developments impacting cyber risk management
• Partner with control owners and senior management to influence positive change and strengthen the control environment
• Contribute to innovation in the audit approach, leveraging analytics and automation where possible

What we're looking for

• Experience in a Cyber, IT Audit or assurance function, with strong understanding of risk and control assessment
• Knowledge across multiple domains such as data security, network security, vulnerability management, threat management, IAM, cloud security (AWS, Azure) and incident response
• Familiarity with cyber frameworks such as NIST, ISO 27001, or CIS, and an understanding of the MITRE ATT&CK framework and Cyber Kill Chain
• Practical appreciation of the regulatory environment for cyber and operational resilience
• Relevant professional qualification (CISA, CISM, CISSP, or equivalent)

Desirable experience

• Exposure to hybrid and cloud environments (AWS, Azure, Kubernetes, Docker)
• Experience with data analytics or scripting (SQL, Python) to support audit work
• Understanding of IT architecture and large-scale technology transformation programmes
• Financial services experience, or having audited financial institutions in a consulting capacity