At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
EY - Cyber Risk, Compliance and Resilience - TPRM Senior
As part of our EY Cyber Risk and Compliance Consulting (CRCR) team, you will contribute technically to Cyber Security client engagements and internal projects. The role involves managing Third-Party Risk Management (TPRM) engagements, ensuring that our clients effectively identify, assess and mitigate risks associated with third-party relationships. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships.
The opportunity
We are looking for a TPRM Senior with expertise in cyber security risk management and security controls testing concepts. This role offers a unique opportunity to contribute to the growth of our TPRM service offering while upholding EY's commitment to quality: you will confirm that work is of the highest quality, as per EY's quality standards. As an influential member of the team, you will help to create a positive learning culture, coach and counsel junior team members and help them to develop.
Your key responsibilities
- Assist Managers and clients in the delivery of third-party risk management engagements. Such engagements involve performing a security assessment of a client's third-party service providers. This includes:
- Risk Assessment and Management: Conduct comprehensive risk assessments of third-party vendors to identify potential risks and vulnerabilities. Draft and explain risk mitigation strategies to minimize exposure to third-party risks.
- Policy Development and Compliance: Collaborate with stakeholders to develop or update third-party risk management policies and procedures. Ensure compliance with regulatory requirements and internal policies related to third-party engagements.
- Third-Party Due Diligence: Oversee the third-party due diligence process, including cyber, privacy, resiliency and compliance assessments.
- Cross-Functional Collaboration: Work closely with various departments (e.g. Legal, Compliance, IT) to ensure a holistic approach to third-party risk management. Facilitate communication and training on third-party risk management best practices across the organization.
- Reporting and Analytics: Prepare and present regular reports on third-party risk exposure and management activities to client senior leadership. Utilize data analytics to identify trends and areas for improvement in third-party risk management processes.
- Incident Management: Lead investigations into third-party incidents and breaches, ensuring appropriate corrective actions are taken. Maintain an incident response plan specific to third-party risks.
- Continuous Improvement: Stay informed about industry trends, emerging risks and best practices in third-party risk management. Recommend enhancements to the third-party risk management framework based on evolving business needs and regulatory changes.
Skills and attributes for success
- Cyber Security Skills: Around 5 years of experience with key components of Cyber Security including (but not limited to):
- Third Party Risk Management (End to end TPRM lifecycle)
- Cyber Governance, Risk and Compliance
- Cyber Strategy & Transformation
- Business Continuity & Disaster Recovery
- Basic knowledge of general security concepts, including defence-in-depth, least privilege, security architecture and design, networking architecture reviews, VAPT, IDS/IPS technologies, SIEM, and resiliency concepts such as business continuity and workplace safety.
- TPRM Skills: Experience in client-facing roles managing cyber security and resiliency-based third-party risk assessments from start to finish. Ability to lead third-party assessments, providing technical guidance to assessors and facilitating decision-making during evidence reviews.
- Analytical Skills: Strong ability to analyze complex data and risk factors to make informed decisions regarding third-party relationships.
- Attention to Detail: Meticulous attention to detail in assessing vendor documentation, contracts and compliance requirements to ensure thorough evaluations.
- Communication Skills: Excellent verbal and written communication skills to effectively convey risk assessments and recommendations to stakeholders at all levels.
- Problem-Solving Abilities: Proactive and strategic thinker with a knack for identifying potential issues and developing effective solutions to mitigate risks.
- Interpersonal Skills: Strong relationship-building skills to foster collaboration with internal teams and external vendors, ensuring alignment on risk management objectives.
- Project Management: Proven ability to manage multiple projects simultaneously, prioritize tasks and meet deadlines in a fast-paced environment.
- Regulatory Knowledge: In-depth understanding of relevant regulations and compliance requirements related to third-party risk management, including data privacy and security standards such as ISO 27001, NIST 800-53, PCI DSS, HIPAA, HITRUST, GDPR, CCPA, COBIT, OWASP Top 10, etc.
- Technical Proficiency: Familiarity with risk management software and tools, as well as proficiency in data analysis and reporting tools (e.g. GRC enablement solutions such as ProcessUnity, Prevalent, Archer, ServiceNow, etc.).
- Adaptability: Ability to adapt to changing business environments and evolving regulatory landscapes, demonstrating flexibility in approach and mindset.
- Leadership Qualities: Strong leadership skills to guide and mentor junior team members, fostering a culture of risk awareness and compliance within the organization.
To qualify for the role you must have
- A bachelor's degree in computer science, computer/electrical engineering, information technology or a related field
- At least 4 years of relevant experience in cyber security and Third-Party Risk Management
- One mandatory certification: CISSP, CISA, CISM, CTPRP, CTPRA, CIPP or ISO 27001
- Knowledge of TPRM tools like OneTrust, ProcessUnity, ServiceNow and Archer, along with external data providers like SecurityScorecard, BitSight, etc.
- Experience in client service delivery and the ability to manage multiple engagement teams and projects.
- Program and Project Management skills.
Ideally you will also have
- Strong analytical and problem-solving skills
- Strong drive to excel professionally and to guide and motivate others.
- Excellent interpersonal, written, verbal communication and presentation skills.
What we look for
- Highly motivated individuals with excellent problem-solving skills and the ability to prioritize shifting workloads in a rapidly changing industry.
- An effective communicator, you will be a confident leader equipped with strong people management skills and a genuine passion to make things happen in a dynamic organization.
- An opportunity to be part of a market-leading, multi-disciplinary team of 2000 professionals in the only integrated global transaction business worldwide.
- Opportunities to work with EY Consulting practices globally, with leading businesses across a range of industries.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.