EY GDS Consulting_Non-FS Third-Party Risk Management Consultant 
Philippines, Taguig 
693991898

15.09.2024

Key Responsibilities:

  • Assist Managers in the delivery of third-party risk management engagements, which involve performing a security assessment of a client’s third-party service providers. This includes:
    • Performing security assessments of new and existing service providers
    • Performing vendor assessment reviews leveraging a SIG Lite or Full SIG
    • Verifying that all required SIG (Lite) questions have been answered by the vendor and all required documentation has been received
    • Assessing vendor answers and following up with the vendor directly on any questions
    • Conducting a risk analysis and assessment of vendor information and documentation against a client’s IT security and data privacy requirements
    • Identifying whether additional information should be obtained from the vendor
    • Defining appropriate risk levels and corrective actions
    • Identifying issues and working with the vendor to resolve/accept them
    • Following up on corrective action plans
    • Maintaining an issues/items tracker and status updates for each vendor review
  • Provide risk acceptance and/or risk remediation recommendations
  • Provide guidance and share knowledge with team members and participate in performing procedures focusing on complex, judgmental and/or specialized issues.
  • Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations
  • Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Understand EY and its service lines and actively assess what the firm can deliver to serve clients
  • Assist in creating innovative insights for clients, adapt methods & practices to fit operational team needs, contribute to thought leadership documents and develop new methodologies.
  • Facilitate discussions / knowledge sharing with key client personnel and contribute to EY thought leadership.
  • Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business.
  • Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices)

Required Qualifications:

  • Bachelor’s degree in commerce, accountancy, or other risk management practice desired
  • 6 months to 1 year of relevant experience in any of the following:
    • Third Party Risk Management
    • Resilience Management
    • Risk and Control
  • Knowledge of various assessment types (e.g., risk assessment / vendor security assessment, risk management and controls review, audits, gap analysis, regulatory compliance review, ISO 27001 readiness, IT Policy review, cloud security assessments)
  • Understanding of key industry control frameworks (NIST Cyber Security Framework, COSO, COBIT, ISO 27000, Unified Compliance Framework, etc.), business continuity management and cloud security.
  • Understanding of Information Security policies and standards
  • Knowledge and understanding of systems architecture, infrastructure, security, and applications
  • Strong analytical capabilities
  • Excellent communication skills
  • Ability to communicate basic Information Security Risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them.
  • Able to effectively communicate evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed
  • Knowledge of business processes and their relationship to technology
  • Proficient in English, both written and verbal
  • Able to work under pressure and with minimal supervision
  • Flexible to meet client demands
  • Takes accountability and ownership of his assigned tasks
  • Willing to work during client hours (EST and MST time zone) - this would be between 7pm to 4pm or 9pm-6am

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.