designing control testing and risk assessment methodology to measure and quantify compliance to policies and control objectives.
Your key responsibilitiesThe
Skills and attributes for success
- Create and design test plans for a variety of Information Security controls across the full scope of a Technology Risk Universe
- Based on results of assessments and testing, assist control owners with the design and implementation of their controls in the organization's IT environment. Strategize on the appropriate amount of preventive, detective, or corrective controls which will have the most impact on reducing overall risk for the firm.
- Appropriately balance firm security needs with business impact and benefit when recommending advancements in policy and control objectives and directing those efforts to completion.
- Think strategically to assist with the development of a long-term vision for the Control & Risk Assessment Program
- Act as a thought leader in the firm, staying informed of changes in information security, regulatory requirements, audit standards, and industry trends, adjusting strategies, as necessary.
- Build and maintain appropriate relationships with internal and external leaders to ensure awareness and understanding of potential strategic directions.
- Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
- Outstanding management, interpersonal, communication, organizational, and decision-making skills.
- Ability to understand and integrate cultural differences and motives and to lead cross cultural teams.
- Evaluate, counsel, mentor and provide feedback on performance of others.
- Plan the training and development of staff to develop their skills and maintain state-of-the-art knowledge in information security.
- Demonstrate integrity and judgment within a professional environment.
To qualify for the role you must have
- 7+ years of experience in the Information Technology, Information Security and/or Risk Management field(s).
- Audit experience or a demonstrated ability to design and test technology controls.
- 2+ years of experience in managing and mentoring junior and senior level staff.
- Experience working on global and virtual teams.
- High proficiency in speaking, reading, and writing skills in English (primary).
- Moderate proficiency in speaking, reading, and writing skills in Mandarin (secondary).
- An advanced degree in Computer Science, Information Security, or a related field; equivalent work experience will be considered on a case-by-case basis.
- One or more of the following or equivalent certifications preferred: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT.
Ideally, you’ll also have
- A working knowledge of external control standards like ISO 27001, NIST 800-53, COBIT, etc. and regulatory requirements like GDPR and SOX.
- Skilled in Microsoft Office and M365 products; primarily Word, Excel, PowerPoint, SharePoint, PowerApps, and PowerBI.
- Experience with RSA Archer or other GRC tools.
- Flexibility to work outside of normal business hours when engaging with team members and stakeholders in various time zones.
What we offer
As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer:
- Continuous learning: You will develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way.
- Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs.
Apply now.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.