EY Technology - Information Security Control & Risk Compliance Manager
At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. Join us and build an exceptional experience for yourself, and a better working world for all.
The opportunity
The Technology Assurance, Risk, and Policy (TARP) function within Information Security strives to create and promote a holistic Governance, Risk, and Compliance (GRC) program by creating a robust, resilient, and proactive governance framework, supported by a strategic risk management approach and stringent compliance structures. It aims to integrate and align its GRC initiatives in line with the global firm's objectives and emerging threats within the cybersecurity landscape.
The Control & Risk Assessment team aims to directly enable the GRC program by designing control testing and risk assessment methodology to measure and quantify compliance to policies and control objectives.
Your key responsibilities
The Control & Risk Compliance Specialist will be expected to lead and execute control testing plans, following best-practice strategies. They will be responsible for routinely testing and assessing the effectiveness and efficiency of Information Security controls to determine if they are supporting the desired business outcomes. Test plans include self-assessment questionnaires, control testing, and process assessments.
The Control & Risk Compliance Specialist is also responsible for managing and training a team of junior professionals to assist in executing the test plans. The team will work collectively to support the Information Security Program in areas of risk assessment methodology development and execution of risk assessments, control testing design and execution, and identification of gaps and areas of improvement utilizing testing and assessment results.
Collaboration with other Information Security groups and external stakeholders across EY is key to this role. The primary service offering the Control & Risk Compliance Specialist will oversee is the EY China Compliance Program. This will require working primarily with EY China stakeholders to evaluate and assess EY China's compliance with Global InfoSec's policies and control objectives.
Skills and attributes for success
Create and design test plans for a variety of Information Security controls across the full scope of a Technology Risk Universe.
Assist control owners with the design and implementation of their controls in the organization's IT environment based on assessment results.
Balance firm security needs with business impact when recommending advancements in policy and control objectives.
Think strategically to assist with the development of a long-term vision for the Control & Risk Assessment Program.
Stay informed of changes in information security, regulatory requirements, audit standards, and industry trends, adjusting strategies as necessary.
Build and maintain appropriate relationships with internal and external leaders.
Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
Outstanding management, interpersonal, communication, organizational, and decision-making skills.
Evaluate, counsel, mentor, and provide feedback on performance of others.
Plan the training and development of staff to develop their skills and maintain up-to-date knowledge in information security.
Demonstrate integrity and judgment within a professional environment.
To qualify for the role you must have
7+ years of experience in the Information Technology, Information Security and/or Risk Management field(s).
Audit experience or a demonstrated ability to design and test technology controls.
2+ years of experience in managing and mentoring junior and senior level staff.
Experience working on global and virtual teams.
High proficiency in English (speaking, reading, and writing).
An advanced degree in Computer Science, Information Security, or a related field; equivalent work experience will be considered on a case-by-case basis.
One or more of the following certifications preferred: CRISC, CISSP, CISM, CISA, CIA, GIAC, CIPP, CIPT.
Ideally, you'll also have
A working knowledge of external control standards like ISO 27001, NIST 800-53, COBIT, and regulatory requirements like GDPR and SOX.
Skilled in Microsoft Office and M365 products; primarily Word, Excel, PowerPoint, SharePoint, PowerApps, and PowerBI.
Experience with RSA Archer or other GRC tools.
Flexibility to work outside of normal business hours when engaging with team members and stakeholders in various time zones.
What we offer
As part of this role, you will work in a globally diverse team with the opportunity and tools to grow and develop your career. The EY benefits package focuses on your physical, emotional, financial, and social well-being. Here's a snapshot of what we offer:
Continuous learning: Develop the mindset and skills to navigate whatever comes next.
Success as defined by you: Tools and flexibility to make a significant impact.
Transformative leadership: Insights, coaching and confidence to be the leader the world needs.
Diverse and inclusive culture: Empowerment to use your voice to help others find theirs.
We ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process. Please contact us to request accommodations.
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.
Join us in building a better working world.