TC-CS-SRCR-Manager-Third Party Risk

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

Job Title

Cybersecurity Third Party Risk Management (TPRM) Manager

Job Description

The Cybersecurity Third Party Risk Management (TPRM) Manager will Manage activities related to the program, including, but not limited to, scoping third parties, performing assessments to evaluate third party security controls and policies, and reporting out on the findings.

Job Responsibilities

• Plan and drive the TPRM program identifying the Third parties
• Perform cybersecurity third party risk assessments, evaluate third party security controls and policies.
• Thoroughly review and document issues found in SOC 2 reports.
• Articulate risks and potential options for remediation to internal partners and third parties, both in meetings and written communications
• Support operational processes and maintain standard work documentation
• Obtain, maintain and apply knowledge on cybersecurity procedures and directives and translate that knowledge into business requirements.

Basic Qualifications

• Bachelor’s degree from an accredited university in Cybersecurity, Information Security, Computer Science, Management Information Systems or related fields
• Ten+ years’ experience in Cybersecurity or Information Technology
• Experience working in cybersecurity third party risk management and analyzing the cybersecurity posture of third parties.
• Familiarity with industry standard TPRM security control questionnaires, CAIQ and SIG

Key Competencies

• Excellent written and verbal communication with ability to explain complex issues to technical and non-technical users across the enterprise.
• Strong organizational skills with the ability to follow and assess adherence to standard processes
• Strong analytical and critical thinking skills
• Ability to adjust to multiple demands, changing priorities, and rapid change, while multitasking effectively
• Strong collaboration and coordination skills
• Proficient in Microsoft O365 products

Ideal Candidate Will Also Have

• Experience reviewing independent audit attestation such as SOC 2 Type 2 or ISO 27001
• Knowledge of information security frameworks, ISO 27001, ISO 27002, NIST CSF, NIST 800-82
• One or more professional information security certifications from an accredited institution: CTPRP, CTPRA, CISSP, CRISC, SANS/GSEC, CCSP

EY | Building a better working world 

 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.