
Security Compliance Specialist
EY
full-time
Location Type: Hybrid
Location: Hoboken • New York • United States
Salary
💰 $128,100 - $239,600 per year
About the role
- Work closely with service line and function technologists from across the globe to support EY's digital services by ensuring compliance with Information Security policies
- Enhance business teams' risk posture and partner with leaders to uphold policy compliance across global, regional, and country-based assets and systems
- Maintain the security and technology compliance posture through governance and oversight
- Ensure data protection, privacy, and software development practices meet legal and regulatory standards
- Assist with managing the Portfolio or Service Line of security risk and compliance, engaging directly with key EY stakeholders to mitigate and reduce risks
- Gather information and report on security risk trends and themes that require a comprehensive approach to remediation
- Proactively seek out and identify security risks, weaknesses, and potential vulnerabilities in systems and processes before they can be exploited
- Improve compliance with security standards and policies through continuous improvement and innovation in security practices
- Assist with managing the end-to-end workflow of security compliance of risk findings in Governance, Risk, and Compliance (GRC) tools to ensure continuity and compliance with policies, standards, and regulations
Requirements
- At least 8 years of experience in Cyber Security or a related field
- At least 3 years of experience in a leadership role managing a team
- A degree in Cybersecurity, Information Security, Computer Science, or related discipline; or equivalent work experience
- One or more of the following or equivalent certifications: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in a related area, CIPP, CIPT
- Familiarity with security standards like ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT
- Understanding of governance, risk, and compliance (GRC) frameworks
- Experience with regulatory requirements such as PCI, SOX, HIPAA, GDPR, GLBA
- Proven ability to identify and mitigate security risks proactively
- Capable of working with diverse teams and promoting an enterprise-wide, collaborative security culture
- Experience in managing communication and recommendations to IT project teams
- Strong English language communication skills
Benefits
- medical and dental coverage
- pension and 401(k) plans
- a wide range of paid time off options
- flexible vacation policy
- designated EY Paid Holidays
- Winter/Summer breaks
- Personal/Family Care leave
- other leaves of absence when needed
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
- Cyber Security
- Information Security
- Risk Management
- Compliance Management
- Data Protection
- Software Development Practices
- Governance, Risk, and Compliance (GRC)
- Security Risk Assessment
- Vulnerability Management
- Continuous Improvement in Security Practices
Soft Skills
- Leadership
- Team Management
- Collaboration
- Communication
- Proactive Risk Identification
- Stakeholder Engagement
- Problem Solving
- Innovation
- Interpersonal Skills
- Organizational Skills
Certifications
- Certified Risk and Information Systems Control (CRISC)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Internal Auditor (CIA)
- Global Information Assurance Certification (GIAC)
- CIPP
- CIPT