EY Control & Risk Assessment Leader 
United States, New Jersey 
909722601

02.07.2024

Skills and attributes for success

  • Plan and build multi-year roadmap to establish and mature the Control & Risk Assessment team. This includes development of the team’s charter, identification of resource needs, ongoing monitoring systems and tool requirements, and workstream prioritization.
  • Build a Control and Risk Assessment program that identifies potential risks and validates mitigation controls by conducting regular and systematic assessments of the organization's IT infrastructure, including networks, systems, applications, and data processes.
  • Based on results of assessments and testing, assist control owners with the design and implementation of their controls in the organization's IT environment. Strategize on the appropriate amount of preventive, detective, or corrective controls which will have the most impact on reducing overall risk for the firm.
  • Create a 1st Line Testing framework that can be shared with control owners that will enhance security culture and support control ownership roles and responsibilities. Conduct training and awareness campaigns to facilitate the adoption of the framework.
  • Appropriately balance firm security needs with business impact and benefit when recommending advancements in policy and control objectives and directing those efforts to completion.
  • Think strategically to assist with the development of a long-term vision for Information Security’s Technology Assurance, Risk, and Policy direction inclusive of its program improvement, technology adoption, and integration of security solutions into business objectives.
  • Act as a thought leader in the firm, staying informed of changes in information security, regulatory requirements, audit standards, and industry trends, adjusting strategies, as necessary.
  • Build and maintain appropriate relationships with internal and external leaders to ensure awareness and understanding of potential strategic directions.
  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
  • Outstanding management, interpersonal, communication, organizational, and decision-making skills.
  • Ability to understand and integrate cultural differences and motives and to lead cross cultural teams.
  • Demonstrate integrity and judgment within a professional environment.
  • Evaluate, counsel, mentor and provide feedback on performance of others.
  • Plan the training and development of staff to develop their skills and maintain state-of-the-art knowledge in information security.

To qualify for the role you must have

  • 10+ years of experience in the Information Technology, Information Security and/or Risk Management field(s).
  • Audit experience or a demonstrated ability to design and test technology controls.
  • 5+ years of experience in managing and mentoring junior and senior level staff.
  • Experience leading global and virtual teams.
  • High proficiency in technical and general writing skills in English.
  • An advanced degree in Computer Science, Information Security, or a related field; equivalent work experience will be considered on a case-by-case basis.
  • One or more of the following or equivalent certifications preferred: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT.

Ideally, you’ll also have

  • A working knowledge of external control standards like ISO 27001, NIST 800-53, COBIT, etc. and regulatory requirements like GDPR and SOX.
  • Skilled in Microsoft Office and M365 products; primarily Word, Excel, PowerPoint, SharePoint, PowerApps, and PowerBI.
  • Experience with RSA Archer or other GRC tools.
  • Flexibility to work outside of normal business hours when engaging with team members and stakeholders in various time zones.

What we offer

The compensation ranges below are provided in order to comply with United States pay transparency laws. Other geographies will follow their local salary guidelines, which may not be a direct conversion of published US salary ranges.
We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The salary range for this job in most geographic locations in the US is $136,300 to $254,900. The salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $163,600 to $289,600. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
  • Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
  • Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
  • Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
  • Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.