Technology Consulting (CYBER) - Cyber Risk Manager
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
EY’s cyber security practice is one of the fastest growing areas of the business with significant ambition for the future through additional recruitment and acquisition. As part of our cyber team, you will be providing cyber risk advisory support and direction to help our clients improve their cyber security posture to respond to the dynamic nature of cyber security threats. You will provide security domain expertise and utilise your business insight to work closely with our clients to advise, design, build and deploy pragmatic security and risk solutions that will provide real and tangible benefits to protect their organisations.
Key activities for this role include the following:
- Identifying industry standards and regulatory guidelines for managing information security in order to minimise the risk of compromise of sensitive business systems.
- Leading the development, maintenance, and evaluation of organisational security policies and procedures, and working closely with engineering and operations teams to ensure systems controls meet security requirements.
- Managing and following up on the results of audits of system security and remediation efforts.
- Design, implement, and maintain the overall IT/cyber security risk management framework across client organisations
- Perform ongoing oversight and monitoring to ensure compliance by clients with the IT/security risk management framework
- Support and challenge the assessment of IT and Security risk across all relevant areas of clients and escalate risk and control issues to the clients Chief Risk Officer as required
- Design and implement appropriate reporting on IT and Security risk status to the Board and appropriate committees
- Report and monitor the status of this to ensure risks remain within risk appetite and escalate any concerns to the clients Chief Risk Officer as required
- Support and challenge client’s IT with its ongoing/periodic Risk and Control Self-Assessments (RCSAs) and perform Quality Assurance on RCSAs to feedback any concerns
- Help drive the mitigation of key IT/security risks by identifying and recommending changes to policies and procedures, control enhancements, etc. as needed
- Maintain awareness of emerging IT/security risks and trends and raise awareness of such risks to the clients' Board, Senior Management, and governance fora/committees as appropriate
- Identify relevant IT/security regulations, interpret relevant requirements and disseminate these accordingly in the form of actionable requirements to the client’s functional areas
- Provide risk management guidance to client’s business and IT teams on IT Outsourcing requirements and initiatives
- Provide interpretation of IT/security-related regulations and guidelines and disseminate this to clients and monitor compliance with such regulations
- Develop and monitor IT/security policies and procedures (e.g. IT policy, Information Security policy, Cyber Security policy, Outsourcing policy) and implement a schedule of regular reviews to ensure that policies are kept relevant and aligned to industry expected standards
- Work in conjunction with relevant business stakeholders to ensure implementation of operational risk policies, standards, and procedures to achieve effective mitigation and treatment of IT and Security risks
- Define, develop and implement appropriate IT/security risk assurance capability and associated risk reporting (including key risk indicators)
- Work closely with the Chief Risk Officer to drive the continued development of the IT/Security risk management framework
Qualifications & Experience
- 6+ years of experience in IT/Security Risk Management in either a first line or a second line capacity. IT Audit experience is also helpful
- Experience in developing and maintaining Technology and Security risk frameworks, policies, and guidance
- The ability to develop and foster strong relationships with relevant business stakeholders;
- Proven communication skills, ability to work effectively with and influence stakeholders at all levels of an organisation
- Strong understanding of technology/security risk and control and the business impacts of these risks, in particular, how they impact clients and their reputation
- Strong communications skills, proven ability to work effectively with and influence the actions of stakeholders at all levels of clients. Credibility to influence Senior Management and wider internal and external stakeholders
- Strong interpersonal skills and a team player;
- Professional or third level qualification ideally in Risk, Compliance, Information Technology, Business or Finance
- Knowledge of Operational Risk requirements and industry guidelines for IT and security risk management and mitigation within financial services
- Good knowledge in relevant IT/Security domains (e.g. Application Development, Change Management, Application Security, Security Operations, Cyber Security Monitoring, Vulnerability Management, Incident Management, Identity and Access Management or Cloud Security/Infrastructure)
- Professional certifications in the field of Operational Risk Management, IT Risk Management, Information Security, Cyber Security, etc. are highly recommended (e.g. CRISC, CISA, CISM, CISSP, ITIL, COBIT 2019, ISO2700X, NIST CSF, etc.)
- Successful history in performing internal and/or external audits, including a focus on IT, Information Security, IT Continuity and Resilience, IT Disaster Recovery, and IT Outsourcing risk
- Successful history of third-party risk management experience. Experience performing third party risk assessments in areas including but not limited to Privacy and Information Security
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
For further information, and to apply, please visit our website via the “Apply” button below.