TC - CS - SRC - Cyber Risk And Compliance- Senior
EY.com
Office
Hyderabad, TG, IN, 500081
Full Time
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
EY – Cyber Risk Compliance and Resilience – TPRM Senior
As part of our EY Cyber Risk and Compliance Consulting (CRCR) team, you will contribute technically to Cyber Security client engagements and internal projects. The role involves managing Third-Party Risk Management (TPRM) engagements, ensuring that our clients effectively identify, assess, and mitigate risks associated with third-party relationships. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships.
The Opportunity
We are looking for a TPRM Senior with expertise in cyber security, risk management, and security controls testing concepts. This role offers a unique opportunity to contribute to the growth of our TPRM service offering while upholding EY’s commitment to quality and excellence. In line with EY’s commitment to quality, you will confirm that work is of the highest quality as per EY’s quality standards. As an influential member of the team, you will help to create a positive learning culture, coach and counsel junior team members and help them to develop.
Your Key Responsibilities
- Assist managers and clients in the delivery of third-party risk management engagements, which involve performing a security assessment of a client’s third-party service providers. This includes:
- Risk Assessment and Management: Conduct comprehensive risk assessments of third-party vendors to identify potential risks and vulnerabilities. Draft and explain risk mitigation strategies to minimize exposure to third-party risks.
- Policy Development and Compliance: Collaborate with stakeholders to develop or update third-party risk management policies and procedures. Ensure compliance with regulatory requirements and internal policies related to third-party engagements.
- Third Party Due Diligence: Oversee the third-party due diligence process, including cyber, privacy, resiliency and compliance assessments.
- Cross-Functional Collaboration: Work closely with various departments (e.g., Legal, Compliance, IT) to ensure a holistic approach to third-party risk management. Facilitate communication and training on third-party risk management best practices across the organization.
- Reporting and Analytics: Prepare and present regular reports on third-party risk exposure and management activities to client senior leadership. Utilize data analytics to identify trends and areas for improvement in third-party risk management processes.
- Incident Management: Lead investigations into third-party incidents and breaches, ensuring appropriate corrective actions are taken. Maintain an incident response plan specific to third-party risks.
- Continuous Improvement: Stay informed about industry trends, emerging risks, and best practices in third-party risk management. Recommend enhancements to the third-party risk management framework based on evolving business needs and regulatory changes.
Skills and attributes for success
- Cyber Security Skills: Around 5 years of experience with key components of Cyber Security including (but not limited to):
- Basic knowledge of general security concepts, including defence-in-depth, least privilege, security architecture and design, networking, architecture reviews, VAPT, IDS/IPS technologies, SIEM, and resiliency concepts such as business continuity and workplace safety.
- TPRM Skills: Experience in client-facing roles, managing cyber security and resiliency-based third-party risk assessments from start to finish. Ability to lead third-party assessments, providing technical guidance to assessors and facilitating decision-making during evidence reviews.
- Analytical Skills: Strong ability to analyze complex data and risk factors to make informed decisions regarding third-party relationships.
- Attention to Detail: Meticulous attention to detail in assessing vendor documentation, contracts, and compliance requirements to ensure thorough evaluations.
- Communication Skills: Excellent verbal and written communication skills to effectively convey risk assessments and recommendations to stakeholders at all levels.
- Problem-Solving Abilities: Proactive and strategic thinker with a knack for identifying potential issues and developing effective solutions to mitigate risks.
- Interpersonal Skills: Strong relationship-building skills to foster collaboration with internal teams and external vendors, ensuring alignment on risk management objectives.
- Project Management: Proven ability to manage multiple projects simultaneously, prioritize tasks, and meet deadlines in a fast-paced environment.
- Regulatory Knowledge: In-depth understanding of relevant regulations and compliance requirements related to third-party risk management, including data privacy and security standards such as ISO 27001, NIST 800-53, PCI DSS, HIPAA, HITRUST, GDPR, CCPA, COBIT, OWASP Top 10, etc.
- Technical Proficiency: Familiarity with risk management software and tools, as well as proficiency in data analysis and reporting tools (e.g., GRC enablement solutions such as ProcessUnity, Prevalent, Archer, ServiceNow, etc.).
- Adaptability: Ability to adapt to changing business environments and evolving regulatory landscapes, demonstrating flexibility in approach and mindset.
- Leadership Qualities: Strong leadership skills to guide and mentor junior team members, fostering a culture of risk awareness and compliance within the organization.
- Third Party Risk Management (End to end TPRM lifecycle)
- Cyber Governance, Risk and Compliance
- Cyber Strategy & Transformation
- Business Continuity & Disaster Recovery
To qualify for the role, you must have
- A bachelor’s degree in computer science, computer/ electrical engineering, information technology or a related field
- At least 4 years of relevant experience in cyber security and Third-Party Risk Management
- One mandatory certification - CISSP, CISA, CISM, CTPRP, CTPRA, CIPP, ISO 27001
- Knowledge of TPRM tools like OneTrust, ProcessUnity, ServiceNow, Archer along with external data providers like SecurityScorecard, BitSight, etc.
- Experience in client service delivery and the ability to manage multiple engagement teams and projects.
- Program and Project Management skills.
Ideally, you will also have
- Strong analytical and problem-solving skills
- Strong drive to excel professionally, and to guide and motivate others.
- Excellent interpersonal, written, verbal, communication, and presentation skills.
What we look for
- Highly motivated individuals with excellent problem-solving skills and the ability to prioritize shifting workloads in a rapidly changing industry.
- An effective communicator, you will be a confident leader equipped with strong people management skills and a genuine passion to make things happen in a dynamic organization.
- An opportunity to be part of a market-leading, multi-disciplinary team of 2000+ professionals, in the only integrated global transaction business worldwide.
- Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
September 19, 2025