Associate Director- Global Assurance Audit Technologies

At EY, we’re all in to shape your future with confidence. 

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.  Join EY and help to build a better working world.

The opportunity

As a Security Consulting Program Manager within EY’s internal Security Consulting and Assurance team,  this individual will be responsible for designing security architecture to address business requirements.   This will include all aspects of information security applicable to EY’s internal and client facing technology solutions. This role leads and advises teams who deliver complex programs or solutions that  address EY business requirements at the global, area, or industry sector levels. The role will include the  performance of the following tasks: defining and designing the security architecture of new and existing  systems; performing top/down risk assessment activities related to deployments, upgrades, 
configuration upgrades, and analysis of technologies introduced for supporting technical operations.  

The Program Manager will act as an intermediary between the business and the technical community to  understand business requirements, define the security architecture, and support development and  engineering teams with end-to-end management. As a trusted advisor, this individual will function  within the program’s technology team to continually promote security-by-default design and facilitate  delivery of information security services throughout the system development life cycle (SDLC). The  Security Consulting Program Manager will direct technology teams in the implementation of appropriate risk treatment and mitigation options to address security vulnerabilities and is responsible for the  translation of vulnerabilities into business risk terminology for communication to product owners and  business leadership stake holders. 

Essential functions of the job

• Application architecture and application security principles and practices is a must. 
• Define security architectures and provide pragmatic security guidance that balance business benefit and risks. 
• Engage technology teams in order to evaluate and prescribe security controls at all touchpoints throughout the technology architecture 
• Define security configuration standards for platforms and technologies 
• Provide knowledge sharing and technical assistance to other team members 
• Act as Subject Matter Expert (SME) in responsible technologies and have deep technical  understanding of responsible portfolios 
• Perform risk assessments of information systems and infrastructure   
• Maintain and enhance the Information Security risk assessment methodology 
• Develop appropriate risk treatment and mitigation options to address security risks identified  during security review or audit 
• Translate technical vulnerabilities into business risk terminology for business units and  recommend corrective actions to customers and project stake-holders 

Knowledge and skills requirements 

• Cloud technologies (MS Azure specifically) 
• Strategic skills to drive secure technology architectures and software solutions, identify security risks and prescribe mitigating security measures in accordance with the firm’s risk tolerance  level. 
• Five or more years working experience with the architecture, design and engineering of web-based multi-tier information systems or network infrastructures
• Experience with security architecture, design and assessment of accounting and auditing systems.
• Ability to appropriately balance firm security needs with business impact & benefit
• Ability to facilitate compromise to incrementally advance security strategy and objectives
• An overall understanding of the business objectives of EY with an ability to build relationships with business partners and across EY IT
• Ability to team well with others to facilitate and enhance the understanding & compliance to security policies
• Experience facilitating meetings with multiple customers and technical staff, including building consensus and mediating compromise
• High degree of tolerance for ambiguity
• Experience conducting risk assessments, vulnerability assessments, vendor and third-party risk assessments and recommending risk remediation strategies  
• Experience working with common security tools and methods to identify security exposures and business risks
• Experience working with common information security standards, such as: ISO 27001/27002,
• NIST, PCI DSS, ITIL, COBIT 

Job Requirements 

• Education 
  • An advanced degree in Computer Science or a related discipline, or equivalent work experience 
• Required Experience 
  • Eight (8) or more years of experience in security architecture, application security, networking, data center configuration, cloud technology,   Prior experience managing Information Security programs
  • Five (5) years or more experience in an Information Security or Information Technology discipline
  • Experience in MS Azure Cloud and security related configurations and options
  • Experience working with complex projects with global deployments
  • Familiarity with information system attack methods and vulnerabilities
  • Excellent ability to analyze and translate business cases, product roadmaps and program goals into information security strategies
  • Experience in the Agile development lifecycle
  • Experience in managing the communication of security findings and recommendations to IT  project teams and product owners
  • Exceptional judgment, tact, and decision-making ability
  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change  Outstanding time and tasks management, interpersonal, communication, organizational, and decision-making skills 
  • Strong English language skills are required
• Desired Experience
  • Experience with other cloud technology solutions, Amazon AWS, etc.
  • Experience in technologies such as block chain, RPA, AI, etc.
  • Knowledge of third-party risk assessments, IT security tools, incident response operations, data privacy, etc.

What we offer you
The compensation ranges below are provided in order to comply with United States pay transparency laws. Other geographies will follow their local salary guidelines, which may not be a direct conversion of published US salary ranges. At EY, we’ll develop you with future-focused skills and equip you with world-class experiences. We’ll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more.

• We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business.  The base salary range for this job in all geographic locations in the US is $152,700 to $294,000.  The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $183,300 to $334,100.  Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography.  In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
• Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year.
• Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

Are you ready to shape your future with confidence? Apply today. 
EY accepts applications for this position on an on-going basis.  

For those living in California, please click here for additional information.

EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.

EY  |  Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.  

EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process,  please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at ssc.customersupport@ey.com.