Job Title
Cybersecurity Governance Manager
Job Responsibilities
- Maintain strong knowledge and understanding of the global operating environment, the enterprise cybersecurity landscape, and the Enterprise Cybersecurity Governance Framework (ECGF) and its inherent components.
- Maintain strong knowledge of adopted cybersecurity standards, frameworks, and applicable regulatory obligations (e.g., ISO-27001/2, PCI, CMMC, CIS, NIST)
- Develop and execute a robust monitoring program for on-going processes and procedures across key domains within the enterprise cybersecurity program.
- Engage cybersecurity process owners in understanding identified issues, incidents, and other noted anomalies, providing relevant input/review insights, while integrating technical expertise and business understanding to propose innovative solutions to complex problems as applicable.
- Track and monitor identified problems (i.e., incidents, exceptions, anomalies)
- Work on complex problems where analysis of situations or data requires an in-depth evaluation of multiple factors, providing mentoring and guidance to relevant SMEs
- Exercise significant independent judgment to determine best method for accomplishing work and achieving objectives.
- Assess new security processes, or changes to existing ones, and follow the change management process to make improvements as applicable.
- Establish and maintain relationships with key business partners across the organization.
- Serve as a liaison in the internal and external audits, provide supporting evidence and assess any identified issues and remediation action plans.
- Partner with security SMEs and stakeholders across the enterprise in conducting root cause analysis of security incidents, exceptions, and anomalies.
- Consistently demonstrate excellent stakeholder collaboration, communication, and customer-oriented skills, and project management capabilities
Basic Qualifications
- Bachelor’s degree from an accredited college/university
- At least two (2) relevant cybersecurity certifications (e.g., CISM, CISSP, CCSP, GIAC, CISA, CRISC).
- 10+ years working with global cybersecurity industry standards, frameworks, and regulatory requirements such as ISO-27001/2, PCI, CMMC, NYDFS, FFIEC, SWIFT, CTPAT
- 5+ years of experience working with the Microsoft Office/O365 Suite
- 5+ years of data management, analysis, transformation, systems workflow modeling and implementation
- IT consulting experience is a plus.
Key Competencies
- Excellent written and verbal communication with ability to explain complex issues to technical and non-technical users across the enterprise.
- Strong organizational skills with the ability to follow and assess adherence to standard processes.
- Strong analytical and critical thinking skills
- Ability to adjust to multiple demands, changing priorities, and rapid change, while multitasking effectively
- Strong collaboration and coordination skills
Ideal Candidate Will Also Have
- Experience reviewing independent audit attestation such as SOC 2 Type 2 or ISO 27001
- Knowledge of information security frameworks, ISO 27001, ISO 27002, NIST CSF, NIST 800-82
- One or more professional information security certifications from an accredited institution: CTPRP, CTPRA, CISSP, CRISC, SANS/GSEC
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.