TC-CS-SRCR- Cyber Risk And Compliance- Manager

EY.com

Office

Bengaluru, KA, IN, 560048

Full Time

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

EY - Cyber Risk Compliance and Resilience - TPRM Manager

As part of our EY Cyber Risk and Compliance Consulting (CRCR) team, you will contribute technically to Cyber Security client engagements and internal projects. The role involves managing Third-Party Risk Management (TPRM) engagements, ensuring that our clients effectively identify, assess, and mitigate risks associated with third-party relationships. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships.

The Opportunity

We are looking for a TPRM Manager with expertise in cyber security, risk management, and security controls testing concepts. This role offers a unique opportunity to contribute to the growth of our TPRM service offering while upholding EY’s commitment to quality and excellence. In line with EY’s commitment to quality, you will confirm that work is of the highest quality as per EY’s quality standards. As an influential member of the team, you will help to create a positive learning culture, coach and counsel junior team members and help them to develop.

Your Key Responsibilities

You will report to the competency leader for Cyber Risk, Compliance, Resilience (CRCR) and will be responsible for:

  • Leading TPRM Engagements: Manage and deliver TPRM engagements, including current state assessments, program design and implementation, technology integration, and managed service operations.
  • Managed Service Operations Delivery: Oversee the end-to-end TPRM assessment lifecycle, from intake to onboarding and offboarding, ensuring effective delivery of TPRM managed services.
  • TPRM Technology Implementation: Lead implementation projects for TPRM technologies such as OneTrust, ServiceNow, Archer, and Ariba, ensuring successful integration and adoption within the organization.
  • Stakeholder Relationship Management: Build and maintain strong relationships with internal and external stakeholders, facilitating effective communication and collaboration on TPRM initiatives.
  • TPRM Strategy Development: Develop and implement TPRM strategies and frameworks to identify, assess, and mitigate risks associated with third-party vendors and partners.
  • Policy and Procedure Implementation: Create and enforce TPRM policies and procedures that align with organizational goals, industry standards, and regulatory requirements.
  • Process Improvement: Review and enhance TPRM processes, including risk assessment methodologies, due diligence procedures, and monitoring practices to ensure effectiveness and efficiency.
  • Cross-Department Collaboration: Work closely with stakeholders such as Privacy, Legal, Procurement, Cybersecurity, and IT to ensure a comprehensive approach to managing third-party risks.
  • Technology Enhancement Initiatives: Lead or participate in initiatives focused on technology enhancements, including Automation, Data Analytics, and AI, to support and streamline TPRM processes.
  • Market Awareness: Maintain a broad understanding of market trends, competitor activities, and EY’s TPRM products and service lines.
  • Business Development Support: Assist EY leadership in driving business development efforts and managing client accounts related to TPRM services.
  • Internal Relationship Building: Foster strong internal relationships within EY Consulting Services and across other organizational services to promote TPRM best practices.

Skills and attributes for success

  • Excellent interpersonal, written, verbal, communication, and presentation skills
  • More than 8 years of hands-on experience with key components of Cyber Security including (but not limited to):
      • Third Party Risk Management (end-to-end TPRM lifecycle)
      • Cyber Governance, Risk and Compliance
      • Cyber Strategy & Transformation
      • Business Continuity & Disaster Recovery
      • Regulations/standards such as ISO 27001, NIST 800-53, PCI DSS, HIPAA, HITRUST, GDPR, CCPA, COBIT, OWASP Top 10 etc.
  • Proven experience in client-facing roles, managing cyber security and resiliency-based third-party risk assessments from start to finish.
  • Ability to lead third-party assessments, providing technical guidance to assessors and facilitating decision-making during evidence reviews.
  • Proficient in performing detailed technical quality assurance reviews of deliverables, guiding the team with constructive feedback to ensure timely and high-quality outputs.
  • Strong stakeholder management skills, capable of leading discussions with stakeholders and presenting engagement metrics, including identified findings.
  • Effective communicator, able to bridge gaps between assessors and vendors as needed.
  • Skilled in handling escalations, analysing root causes, identifying lessons learned, and sharing insights with the team for continuous improvement.
  • Demonstrated people management skills, fostering effective team collaboration.
  • Capable of reviewing remediation plans and providing quality feedback as a QA reviewer.
  • Experience in providing technical training to enhance team members' skills and serving as a mentor as needed.
  • Committed to contributing to current processes, identifying potential improvements or optimizations, assessing impacts, and communicating changes to relevant stakeholders for implementation.
  • In-depth knowledge of general security concepts, including defence-in-depth, least privilege, security architecture and design, networking, architecture reviews, VAPT, IDS/IPS technologies, SIEM, and resiliency concepts such as business continuity and workplace safety.
  • Ability to develop budget, scope, and staffing recommendations based on an understanding of client budgets and project economics.
  • Experience managing large teams to deliver Cyber services, either independently or within large, complex projects.
  • Proficient in utilizing and guiding the team with TPRM tools such as OneTrust, ProcessUnity, ServiceNow, Archer, and external data providers like SecurityScorecard and BitSight.

To qualify for the role, you must have

  • A bachelor’s degree in computer science, computer/electrical engineering, information technology or a related field
  • At least 8 years overall of recent, relevant work experience in information security/Third-Party Risk Management
  • One mandatory certification - CISSP, CISA, CISM, CTPRP, CTPRA, CIPP, ISO 27001
  • Knowledge of TPRM tools like OneTrust, ProcessUnity, ServiceNow, Archer along with external data providers like SecurityScorecard and BitSight
  • Experience in client service delivery and the ability to manage multiple engagement teams and projects.
  • Program and Project Management skills.

Ideally, you will also have

  • Strong analytical and problem-solving skills
  • Strong drive to excel professionally, and to guide and motivate others.
  • Excellent interpersonal, written, verbal, communication, and presentation skills.

What we look for

  • Highly motivated individuals with excellent problem-solving skills and the ability to prioritize shifting workloads in a rapidly changing industry.
  • An effective communicator, you will be a confident leader equipped with strong people management skills and a genuine passion to make things happen in a dynamic organization.
  • An opportunity to be part of a market-leading, multi-disciplinary team of 2000+ professionals, in the only integrated global transaction business worldwide.
  • Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

September 19, 2025
