EY

EMEIA Technology Risk Leader

Recruiter: EY
Location: Wrocław, Poland
Salary: Competitive remuneration package
Posted: 16 Jun 2021
Closes: 16 Jul 2021
Ref: WRO003OO
Approved employers: Approved employer
Contract type: Permanent
Hours: Full time
Experience level: Director

EY GDS (Global Delivery Services) comprises 40,000 specialists providing IT, project management and strategic business services globally to EY member firms. In addition, we deliver support and solutions to clients from all over the world.

The opportunity:

The role of the EMEIA Technology Risk Leader is to enable the conduct of business through proactive identification, assessment, and mitigation of IT risks facing EMEIA personnel, facilities, and operations around the globe. This individual partners with IT Risk Management leadership and business stakeholders to manage strategic risk to enable critical service delivery processes. Our primary objectives are to build a risk-aware culture, reduce IT risk, defend against internal and external threats, and protect client and EY data.

Your key responsibilities

As an Associate Director leading the EMEIA Technology Risk team, you will oversee the management of risk across EMEIA, including the engagement of firm leadership, the management and remediation of information and technology strategic risks in EMEIA, and the interface to operational and business risk activities. You will partner closely with the Global IT Risk Management leader to execute on the vision, strategy, goals, and objectives for IT Risk Management.

Skills and attributes for success

  • Drive technology risk mitigation in EMEIA with IT Risk Management with accountability to EMEIA Risk Management
  • Execute top-down strategic risk assessments throughout EMEIA which will reveal risks that impact business processes, performance, and strategy
  • Coordinate with IT Risk Management risk leadership on strategic risk priorities
  • Serve as a point of escalation for technology risk across EMEIA
  • Exhibit industry leading risk management practices through effective internal controls, risk monitoring, and risk assessments
  • Look for ways to continually improve our risk management processes
  • Understand the EMEIA IT risk landscape while receiving input from domain, product, and service owners on potential risks
  • Leverage existing risk assessment frameworks to systematically identify risks requiring high level remediation
  • Conduct top-down systematic risk assessments on EMEIA-specific technology risk
  • Help to reinforce the usage of a standard risk management framework for EMEIA technology risk
  • Engage with EY Risk Management functions, including GCO, Data Protection, Enterprise Risk Management, Independence, etc., to validate EMEIA’s overall risk compliance
  • Consult on Enterprise programs to embed risk-based decision-making
  • Consult with leaders in EY Technology on effective risk mitigation strategies
  • In partnership with the Global IT Risk Management Leader, drive adoption of industry leading risk management practices
  • Deliver risk intelligence to EMEIA leaders to enable informed decision-making

To qualify for the role you must have

  • An in-depth understanding of the ISO 27002, ISO 27001 and ISO 31000 frameworks and of applying these frameworks
  • Familiarity with local and regional regulatory requirements and how they impact IT policies
  • Experience with RSA Archer
  • Experience managing the communication to senior leaders in relation to our risk management program
  • Advanced consultative skills: the ability to question effectively to break down complex issues into core elements, formulate appropriate ideas or plans, and negotiate those ideas and plans clearly and concisely to advance cooperative engagement by all levels of the organization, including senior and/or executive management.
  • Solid ability to guide or develop actionable roadmaps and to implement them efficiently to drive all risk management directives.
  • An ability to utilize core risk and controls skills in a broad range of projects both in a traditional internal audit and in advisory projects aimed at assisting in the implementation of controls / improvements.
  • Experience in developing and executing reporting strategies
  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
  • Demonstrated ability to multitask and prioritize in a fast-paced environment
  • Outstanding interpersonal, communication, organizational, and decision-making skills
  • Strong judgment and analytical ability
  • Ability to communicate and gain support for initiatives
  • Strong English language skills; excellent writing, presentation, interpersonal, and communication skills are required
  • Ability to understand and integrate cultural differences and motives and to lead cross-cultural teams.
  • Professional; quickly establishes personal credibility and demonstrates expertise.
  • 10 or more years of experience in the Information Technology, Information Security and/or IT Risk Management field(s).
  • 5+ years of experience in managing senior staff/management staff in Governance, Risk, and Compliance
  • An advanced degree in Computer Science, Information Security or a related discipline, or equivalent work experience.
  • One or more of the following or equivalent certifications preferred: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT

Ideally, you’ll also have

  • Experience in IT Risk Management and/or Information Security disciplines
  • Experience in communicating to all levels of management, clients and vendors
  • A working knowledge of policy frameworks such as ISO, COBIT and the Unified Compliance Framework
  • Ability to appropriately balance internal functional needs with business impact and benefit
  • Skilled in executive level presentations and briefings
  • Solid knowledge and working experience in governance, risk and compliance as it applies to technology
  • Proactively maintains a comprehensive knowledge of the core business and financial drivers of EY’s service lines as well as the operating environment within IT. Works with peers and others in service-specific IT groups to support the proper recognition of risk issues, to proactively position risk mitigation and other service improvement opportunities, or to engage with others in the area of continuous improvement.
  • Good appreciation of the business benefits of internal control and good risk management, and not just for compliance purposes (i.e., not limited to SOX, PCI or other regulatory mainstay drivers).

What working at EY offers

  • Opportunity to develop technical and non-technical skills in a truly global environment
  • Variety of platforms for upskilling, including but not limited to Udemy, on-site trainings and language classes
  • Flexible full-time working hours with respect for your work-life balance
  • Modern and well-located office in Wrocław
  • Non-wage benefits: private health care for you and your family, life insurance, MultiSport card, theatre and cinema tickets, shopping vouchers etc.
  • Interesting top technology transformation projects with global impact

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Build your legacy with us.

For further information, and to apply, please visit our website via the “Apply” button below.
