Technology Consulting - GRC, Senior Consultant
Job description
General Information
Location: Dublin
Available for Work Visa Sponsorship: No
Business Area: Tech consulting – Cyber Security
Contract Type: Full-Time – Permanent
EY’s cyber security practice is one of the fastest growing areas of the business with significant ambition for the future through additional recruitment and acquisition. As part of our cyber team, you will be providing cyber risk advisory support and direction to help our clients improve their cyber security posture to respond to the dynamic nature of cyber security threats. You will provide security domain expertise and utilise your business insight to work closely with our clients to advise, design, build and deploy pragmatic security and risk solutions that will provide real and tangible benefits to protect their organisations.
Key activities for this role include the following:
- Identifying industry standards and regulatory guidelines for managing information security in order to minimise the risk of compromise of sensitive business systems.
- Leading the development, maintenance, and evaluation of organisational security policies and procedures, and working closely with engineering and operations teams to ensure systems controls meet security requirements.
- Managing and following up on the results of audits of system security and remediation efforts.
Key Responsibilities
- Design, implement, and maintain the overall IT/cyber security risk management framework across client organisations
- Perform ongoing oversight and monitoring to ensure compliance by clients with the IT/security risk management framework
- Support and challenge the assessment of IT and Security risk across all relevant areas of clients and escalate risk and control issues to the client’s Chief Risk Officer as required
- Design and implement appropriate reporting on IT and Security risk status to the Board and appropriate committees
- Report and monitor the status of this to ensure risks remain within risk appetite and escalate any concerns to the client’s Chief Risk Officer as required
- Support and challenge client’s IT with its ongoing/periodic Risk and Control Self-Assessments (RCSAs) and perform Quality Assurance on RCSAs to feed back any concerns
- Help drive the mitigation of key IT/security risks by identifying and recommending changes to policies and procedures, control enhancements, etc. as needed
- Maintain awareness of emerging IT/security risks and trends and raise awareness of such risks to the clients' Board, Senior Management, and governance fora/committees as appropriate
- Identify relevant IT/security regulations, interpret relevant requirements and disseminate these accordingly in the form of actionable requirements to the client’s functional areas
- Provide risk management guidance to client’s business and IT teams on IT Outsourcing requirements and initiatives
- Provide interpretation of IT/security-related regulations and guidelines and disseminate this to clients and monitor compliance with such regulations
- Develop and monitor IT/security policies and procedures (e.g. IT policy, Information Security policy, Cyber Security policy, Outsourcing policy) and implement a schedule of regular reviews to ensure that policies are kept relevant and aligned to industry expected standards
- Work in conjunction with relevant business stakeholders to ensure implementation of operational risk policies, standards, and procedures to achieve effective mitigation and treatment of IT and Security risks
- Define, develop and implement appropriate IT/security risk assurance capability and associated risk reporting (including key risk indicators)
- Work closely with the Chief Risk Officer to drive the continued development of the IT/Security risk management framework
Qualifications & Experience
- 6+ years of experience in IT/Security Risk Management in either a first line or a second line capacity. IT Audit experience is also helpful
- Experience in developing and maintaining Technology and Security risk frameworks, policies, and guidance
- The ability to develop and foster strong relationships with relevant business stakeholders
- Proven communication skills, ability to work effectively with and influence stakeholders at all levels of an organisation
- Strong understanding of technology/security risk and control and the business impacts of these risks, in particular, how they impact clients and their reputation
- Strong communications skills, proven ability to work effectively with and influence the actions of stakeholders at all levels of clients. Credibility to influence Senior Management and wider internal and external stakeholders
- Strong interpersonal skills and a team player
- Professional or third level qualification ideally in Risk, Compliance, Information Technology, Business or Finance
- Knowledge of Operational Risk requirements and industry guidelines for IT and security risk management and mitigation within financial services
- Good knowledge in relevant IT/Security domains (e.g. Application Development, Change Management, Application Security, Security Operations, Cyber Security Monitoring, Vulnerability Management, Incident Management, Identity and Access Management or Cloud Security/Infrastructure)
- Professional certifications in the field of Operational Risk Management, IT Risk Management, Information Security, Cyber Security, etc. are highly recommended (e.g. CRISC, CISA, CISM, CISSP, ITIL, COBIT 2019, ISO2700X, NIST CSF, etc.)
- Successful history in performing internal and/or external audits, including a focus on IT, Information Security, IT Continuity and Resilience, IT Disaster Recovery, and IT Outsourcing risk
- Successful history of third-party risk management experience. Experience performing third party risk assessments in areas including but not limited to Privacy and Information Security
What working at EY offers
We offer a competitive remuneration package. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:
- Support and coaching from some of the most engaging colleagues around
- Opportunities to develop new skills and progress your career
- The freedom and flexibility to handle your role in a way that’s right for you
All our employees are given a benefits package which they can tailor to suit their individual preferences. Our range of benefits includes:
- Pension
- Maternity & Paternity leave
- Discounted health insurance
- Bike to work Scheme
- Web Doctor - Free unlimited online GP consultations for you and your family
- Recognition Awards
- The purchase of additional annual leave
- Cash incentives for referrals
- Hybrid Working
- Work Mobile
- Free Gym membership
- TECH MBA paid by EY
- Travel Pass
- Wellness rooms (available in some offices)
EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.
Career Progression
- When you join EY, you will be supported to ensure that you are enhancing your skills from day one.
- Continuous learning, where you can develop the mindset and skills to navigate whatever comes next.
- As you grow and develop here, you’ll discover opportunities to help customise your career journey, so that it’s as unique as you are - success is defined by you, we will provide the tools and flexibility, so you can make a meaningful impact, your way.
- Transformative leadership, we will give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture, you will be embraced for who you are and empowered to use your voice to help others find theirs.
- We have embraced Hybrid working at EY adding greater flexibility and autonomy to the roles of our employees.
About EY
As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
Inclusion & Diversity
We hold a collective commitment to foster an environment where all differences are valued and respected, practices are equitable and everyone experiences a sense of belonging: Inclusion, diversity, and equity are part of who we are at EY. We believe that the highest-performing teams maximize the power of different perspectives and backgrounds. These teams are both diverse and inclusive and are willing to invite and learn from other perspectives. Our ability to include various viewpoints into our mindsets, behaviours and operations is fundamental to driving innovation, building strong relationships, and delivering the best solutions for our clients.
We recognise the strength that comes from having a diverse workforce and building a culture where we support all our people to achieve their potential. You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
As an equal opportunities employer, we welcome applications from people of all backgrounds. Reasonable accommodations are offered at every stage of our recruitment process.
Join us in building a better working world. That’s Why, EY.
IMPORTANT: Where Agency assistance is required, our Talent Team will engage directly with suppliers. CVs / Profiles should not be shared directly with Hiring Managers. Unsolicited CVs / Profiles supplied to EY by Recruitment Agencies will not be accepted for this role.