Security Compliance Specialist
The Security Compliance department identifies and manages the key Information Security risks within EY. The department owns the Compliance Program that manages identified non-conformity events to existing policies, monitors and reports on the effectiveness of IT controls, and performs root cause analysis to identify systemic or process weaknesses that may affect the firm’s information security posture. Our primary goal is to defend against internal and external threats and protect client and enterprise confidential data. This goal is balanced against various business goals and objectives, helping to protect the firm and its clients in a cost-effective way.
The Compliance Specialist will contribute to the evolution of EY’s Compliance program. The Compliance Specialist is also responsible for the day-to-day activities as they relate to the security compliance program and follow-up activities. The Compliance Specialist is aligned functionally within the organization and therefore is responsible for advising others on the compliance process and increasing awareness of security within their area of responsibility.
Your key responsibilities
- Conducts security compliance program activities as specified in the information security policy to assess compliance with EY’s policies, standards and procedures
- Keeps track of security deficiencies by documenting findings, monitoring the follow-through of remediation, and validating closure to increase the maturity of the security program and reduce overall risk
- Reports on metrics to gauge effectiveness of the security policy framework and publishes periodic metrics reports
- Analyzes the data contained within the compliance system and other security information repositories to identify security trends, root causes and notable risks.
- Advises others, helping to enhance and improve their understanding of information security and its importance to EY.
- Advises managers and other leaders concerning the overall status of the function’s compliance findings and associated remediation plans and exceptions.
- Documents security findings, remediation plans and exception requests in a clear and concise manner
- Identifies what is needed to validate remediation has been successful
Analytical/Decision Making Responsibilities
- Demonstrated integrity and judgment, tact and decision making ability within a professional environment
- Demonstrated ability to think creatively while accounting for multiple perspectives in any given scenario
- Ability to appropriately balance firm security needs with business impact & benefit
- Ability to recognize patterns in structured and unstructured data and to draw appropriate connections between seemingly disparate pieces of information
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change.
- Must be able to work independently and with minimal direct supervision
- Directs the progress of project work assigned to team members, and reports status to management
- Evaluates, counsels, mentors and provides feedback on performance of team members
- Plans the training and development of team members to develop their skills and maintains state-of-the-art knowledge in information security
Skills and attributes for success
- Experience with data analytics tools like SAS or Spotfire will be preferred
- Maintain awareness of the current security threat landscape
- An overall understanding of the business objectives and security challenges within the different Service Lines within the organization
- Ability to team well with others to facilitate and enhance the understanding of and compliance with security policies
- Some programming experience will be beneficial, though not required
To qualify for the role, you must have
- Minimum of five years related IT work experience
- Three or more years of experience in the Information Security field
- Three or more years in an IT networking role
- Experience in solution design and development or within an infrastructure operations organization supporting LAN/WANs
- Experience advising and communicating with clients and vendors in relation to security policies
- Demonstrated sound judgment, tact, and decision-making ability
- Good management, interpersonal, communication, organizational, and decision-making skills
- Ability to understand and integrate cultural differences and motives and to lead cross cultural teams
- Strong English language skills, written and verbal, are required
- An advanced degree in Computer Science or a related discipline, or equivalent work experience
- Candidates with one of the following or equivalent certifications will be preferred:
- Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC),
What we offer
EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across six locations – Argentina, China, India, the Philippines, Poland and the UK – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.
- Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
- Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
The exceptional EY experience. It’s yours to build.
For further information, and to apply, please visit our website via the “Apply” button below.