EY

Senior Consultant – NFS Third Party Risk Management

full-time

Location Type: Office

Location: Taguig, Philippines

About the role

  • Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements.
  • Lead the design and implementation of TPRM operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks.
  • Follow policies and procedures that support the successful implementation of TPRM operating models.
  • Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements.
  • Assess the application of legal and regulatory requirements to clients' TPRM practices.
  • Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes.
  • Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects.
  • Demonstrate a general knowledge of market trends, competitor activities, EY products, and service lines.
  • Build and nurture positive working relationships with clients to achieve exceptional client service.
  • Contribute to identifying opportunities to improve engagement profitability.
  • Assist leadership in driving business development initiatives and account management.
  • Participate in building strong internal relationships within EY Consulting Services and with other services across the organization.

Requirements

  • 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post-contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures).
  • Strong understanding of the TPRM framework, Risk Management, and Information Security practices.
  • Demonstrate a good understanding of the Contract Risk Review management process.
  • Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as ProcessUnity, Prevalent, Archer, ServiceNow, etc.).
  • Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI DSS, HITRUST, etc.
  • Good knowledge of privacy regulations such as GDPR, CCPA, etc.
  • Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc.
  • Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management.
  • Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review.
  • Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.).
  • Good experience in LAN/WAN architectures and reviews.
  • Good knowledge of incident management, disaster recovery, business continuity management, and cryptography.
  • Experience in IT Risk and Compliance:
      o Design of IT Risk Controls frameworks such as IT SOX
      o Implementation and testing of internal controls such as IT general controls, IT application controls, IPE-related controls, interface controls, etc.
      o Conducting IT internal control reviews, and review of SOC1 or SOC2 reports
  • IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure to any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML.
  • IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS and DB reviews, etc.
  • Good to have prior Big-4 experience.
  • Good to have certifications: CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer.

Benefits

  • Support, coaching, and feedback from some of the most engaging colleagues around
  • Opportunities to develop new skills and progress your career
  • The freedom and flexibility to handle your role in a way that’s right for you