EY Client Security Consulting & Assurance Legal Specialist 

United States, New Jersey 

685503443

As a CSCA Assistant Director, you will be responsible for managing all information security aspects of a client contract from reviewing, redlining, and negotiating terms with clients. You will be expected to interact with senior level leaders within the EY account team, internal stakeholders including but not limited to General Counsel’s Office, Data Privacy and EY Technology.

This role requires exceptional proficiency in spoken and written English and strong communication skills tailored to audiences at all tiers of the organization.

No travel is anticipated for this position.

Your key responsibilities

• Review and assess contracts for compliance ensuring adherence to relevant information security frameworks, standards such as ISO27001, NIST, and GDPR while aligning with EY organizational policies and regulatory standards. Identify potential risks associated with contract terms related to data protection and information security, providing recommendations for mitigation.
• Work closely with legal teams, engagement teams, and clients to negotiate contract terms that safeguard client information while meeting business objectives.
• Provide training and support to internal teams on information security requirements related to contracts, fostering a culture of compliance and awareness.
• Work independently with minimal supervision from management.

Skills and attributes for success

• Excellent verbal and written communication skills, with the ability to convey complex information clearly and effectively to diverse audiences.
• Strong analytical and problem-solving abilities, with attention to detail and the capacity to assess risks and recommend solutions.
• Demonstrated ability to manage time effectively, prioritize tasks, and balance multiple workloads in a fast-paced environment while maintaining high standards of quality and compliance.
• Bachelor’s degree in information security, Law, Business Administration, or a related field.
• CISM, CRISC, CISSP, or similar industry-recognized certifications are preferred.
• Proven experience in contract review and information security, preferably within a large corporate environment.Strong understanding of information security principles, data protection regulations, and relevant industry standards.
• Fluent in English with excellent verbal and written communication skills, with the ability to convey complex information clearly and effectively to diverse audiences.
• Strong analytical and problem-solving abilities, with attention to detail and the capacity to assess risks and recommend solutions.
• Ability to work collaboratively in a team-oriented environment, building relationships with stakeholders across various functions.
• Ability to work independently with minimal supervision, taking initiative and ownership of tasks to deliver high-quality results within established deadlines.

Ideally, you’ll also have a selection of the following

• Fluency with contract management tools.
• Skilled in negotiating contracts and managing stakeholder relationships.
• Knowledge of emerging trends and technologies in information security.