Financial Services BCM Leader

Protecting the EY services on which our clients rely is fundamental to EY’s ability to deliver value, meet client commitments, and preserve trust. As part of EY Information Security, this role is focused on ensuring that EY’s client-facing services, platforms, applications, and technology capabilities remain resilient, dependable, and aligned to client expectations for continuity and recovery.

You will be part of a global Information Security organization of nearly 900 professionals who collaborate to ensure EY services are secure, resilient, and available. Our teams enable the secure and uninterrupted delivery of EY services, proactively manage risk, and respond rapidly to incidents to minimize disruption to client engagements and the business. Together, we help protect the EY brand and reinforce the confidence clients place in EY to support their most critical business needs.

Across Information Security, we integrate risk strategy, digital identity, cyber defense, application security, business continuity, and technology solutions to protect services throughout their lifecycle. Our work enables EY to deliver services with confidence—balancing resilience, speed to market, and long-term client value.

The Opportunity

The Technology Assurance, Risk & Policy (TARP) function establishes and maintains EY Technologies’ risk management framework, processes, tooling, and strategy. Within TARP, the Business Continuity and Crisis Management (BCCM) team plays a critical role in ensuring EY services meet our internal and client expectations for continuity, recoverability, and operational resilience.

As client expectations continue to evolve, this role directly supports EY’s commitment to delivering reliable, resilient services by partnering with client-serving teams to assess, design, and maintain business continuity and disaster recovery capabilities that align with both EY standards and client-defined requirements.

Your Key Responsibilities

As a Client Engagements Business Continuity Leader, you will work closely with client service account teams, EY Technology, and risk stakeholders to ensure EY services supporting client engagements meet agreed continuity and recovery expectations.

Key responsibilities include:

• Directing and partnering with client service account teams and EY Technology teams to develop, maintain, and validate business continuity and disaster recovery programs for EY services on which clients depend.
• Understanding client‑defined business continuity and disaster recovery requirements and translating those requirements into clearly defined execution expectations by assessing EY’s current recovery capabilities against those expectations.
• Identifying gaps, risks, or limitations that could impact client confidence or service delivery and leading cross‑team efforts to define remediation strategies.
• Supporting and overseeing development of client‑specific Business Continuity Plans (BCPs), Disaster Recovery Plans (DRPs), and testing strategies that align with client requirements and EY’s BCCM policies and standards.
• Consulting with and providing authoritative guidance to technology, risk, and operational teams to ensure continuity controls are implemented consistently and effectively across client‑supporting applications and services.
• Managing and tracking remediation activities related to business continuity and resilience risks impacting client services, holding contributing teams accountable for delivery against agreed commitments.
• Driving delivery of agreed roadmaps and workstreams with a strong focus on execution, accountability, measurable outcomes, and deadlines in a fast‑paced, client‑driven environment.

Leadership & Stakeholder Governance

While this role does not include direct people management responsibilities, it carries significant indirect supervisory accountability across engagement teams, service lines, technology, and risk functions. In a dotted‑line capacity, the Client Engagements Business Continuity Leader is expected to:

• Set and communicate clear expectations for business continuity and disaster recovery outcomes by defining scope, timelines, quality standards, success criteria, and required deliverables across engagement teams and supporting functions.
• Coordinate and align activities across multiple teams to ensure integrated, end‑to‑end delivery of client‑specific continuity and resilience outcomes.
• Serve as the single point of accountability for execution of agreed continuity remediation plans, regardless of where work is performed.
• Oversee execution by monitoring progress, identifying delivery risks or delays, intervening to course‑correct where necessary, and escalating blockers or competing priorities to ensure commitments are met.
• Provide ongoing guidance, coaching, and subject‑matter direction to teams performing BC/DR activities to ensure alignment with leading practices, EY standards, and client requirements.
• Enable sustainable capability by transferring knowledge, frameworks, tools, and best practices, reinforcing expectations through targeted education, structured feedback, and continuous engagement.
• Influence prioritization decisions across service lines and technology teams when continuity risks present material client, regulatory, or reputational exposure.
• Escalate execution issues, resource constraints, and risk acceptance decisions to senior leaders when outcomes are at risk, and objectively represent execution status, risks, dependencies, and required decisions to stakeholders.
• Operate effectively within a matrixed environment by balancing influence, collaboration, and constructive challenge to achieve outcomes without formal authority.
• Model inclusive, respectful leadership while maintaining firmness on risk, compliance, accountability, and delivery expectations, serving as a role model for transparency and disciplined execution across dotted‑line relationships.
• Lead strategic conversations with senior business and technology stakeholders by structuring ambiguous resilience issues, communicating risks and tradeoffs clearly, negotiating practical paths forward, and driving alignment with established BC/DR policies and procedures.

Service Quality: 

• Ensure the high‑quality delivery of services to senior business stakeholders, reinforcing execution discipline and accountability for continuity outcomes, emphasizing risk management leading practices.
• Maintain Client-focused mindset with the ability to assess risk through the lens of service reliability, engagement impact, and client confidence.

Strategic Relationship Management: 

Foster relationships with senior executive stakeholders by establishing trust as a business advisor, while guiding teams to align mitigation strategies to client contractual requirements. Work closely with different Service Lines to tailor risk mitigation strategies to their unique needs as determined by client contractual requirements. This requires understanding their business and technological needs, dependencies, and the potential threats they face.

Risk Management: 

• Coordinate with BCCM and technology teams to assess potential technology risks facing the client service team’s capabilities by leveraging the TARP methodology in alignment with the Service Line risk and business priorities, directing execution of agreed assessment and remediation activities. Seek opportunities for improvement or mitigation of business interruption and other risks caused by business, regulatory, or industry‑specific change initiatives.
• Identify opportunities to reduce business interruption risk arising from regulatory, industry, technology, or operational change, ensuring accountability for follow‑through.
• Translate complex resiliency risks into specific activities and workstreams that teams can execute to improve risk posture, assigning ownership and monitoring progress.

Strategy Development and Execution:

• Develop and implement a strategy to develop an end-to-end BC/DR planning cycle with service line teams. This includes streamlining processes and embedding best practices and innovation within the service line to improve efficiency and minimize rework.
• Lead strategic conversations with stakeholders to influence decisions, drive adoption of continuity practices, and secure commitment to remediation plans.

Compliance: 

Lead educational initiatives on business continuity and resiliency within each in‑scope engagement team and service line, directing participation and reinforcing expectations. This might involve formal training sessions, production of written guidelines and materials, and regular communication on key issues, as well as using the Firm’s BC planning tool, CL360.

Training and Education: 

• Lead educational initiatives on business continuity and resiliency within each in-scope engagement team and service line. This might involve formal training sessions, production of written guidelines and materials, and regular communication on key issues, as well as using the Firm’s BC planning tool, CL360.
• Educate and influence business and technical teams on business continuity leading practices through training, guidance, and consistent communications.

Reporting: 

Regularly report on technology risks to senior management, providing objective assessments of execution status, risks, impacts, and required decisions. This involves explaining the potential impact on the organization’s operations, the measures taken to address the risks, and any recommended changes.

Inclusivity: 

Support an inclusive and flexible work environment where account teams feel they are valuable team members who can openly and constructively challenge one another, while maintaining clear accountability for delivery of continuity outcomes.

As an Associate Director within the TARP BCCM team, you will also be responsible for leading and governing stakeholder engagement related to client‑specific continuity outcomes:

• Manage and influence stakeholders at the PPEDD/PPMDD level who lead critical business, audit, consulting, and supporting technology services, setting expectations for continuity execution and holding leaders accountable for delivery. This includes Engagement/Solution Leaders, Service Line Quality Leaders, Service Line Technology Officers, Area Risk Leaders, and Regional Risk Leaders.
• Reinforce the BCCM team’s vision, goals, and objectives by aligning projects, execution priorities, and stakeholder commitments to those objectives.
• Develop a strong understanding of the current state of BC/DR capabilities supporting EY’s largest and most complex client engagements.
• Provide informed recommendations to balance client expectations, EY policy requirements, and operational feasibility.
• Operate independently while maintaining close alignment with the BCCM Program Leader and broader governance structure.

Skills and attributes for success

• Strong ability to partner with client-serving leaders and technology teams to design continuity solutions that meet client expectations while aligning to EY policies and standards.
• Demonstrated ability to lead strategic conversations with stakeholders to influence decisions, drive adoption of continuity practices, and secure commitment to remediation plans.
• Client-focused mindset with the ability to assess risk through the lens of service reliability, engagement impact, and client confidence.
• Ability to identify opportunities to reduce business interruption risk arising from regulatory, industry, technology, or operational change.
• Clear and concise communication skills, including the ability to present continuity risks and recommendations to both technical and non-technical stakeholders, including senior leadership.
• Demonstrated leadership, negotiation, and collaboration skills, with the ability to influence up and down the organization to achieve resilience outcomes.
• Ability to translate complex resiliency risks into specific activities and workstreams that teams can execute to improve risk posture.
• Experience implementing Business Impact Assessments (BIAs) and BC/DR processes using enterprise tools, including CL360.
• Ability to educate and influence business and technical teams on business continuity leading practices through training, guidance, and consistent communications.
• Commitment to fostering an inclusive and flexible working environment where stakeholders and team members can openly and constructively challenge to improve outcomes.

To qualify for the role, you must have

• Experience in business continuity, disaster recovery, IT risk management, or related disciplines, preferably within large, complex, or multinational environments.
• Proven ability to manage multiple priorities, adapt to change, and operate effectively in a fast-paced environment while maintaining delivery discipline.
• Strong collaboration skills across cultures, regions, and disciplines, including experience working across globally dispersed stakeholders.
• Sound judgment in balancing EY risk standards with business impact and client commitments, including confident escalation and recommendation of options when tradeoffs exist.
• Ability to work within established policies while exercising independent decision-making and leading stakeholders through ambiguity when implementing business continuity processes.
• Excellent written and verbal communication skills in English, including confidence communicating with senior stakeholders.

Required experience

• 10+ years of relevant experience in IT, Business Continuity, Disaster Recovery, IT Risk Management, or similar roles, including experience leading cross‑functional delivery without direct reporting authority.
• Working knowledge of frameworks such as ISO, COBIT, and unified compliance frameworks, sufficient to set expectations, challenge execution approaches, and validate outcomes delivered by other teams.
• Experience in governance, risk, and compliance as it applies to technology and service delivery, including oversight of compliance execution across distributed teams.
• Demonstrated competence in directing and overseeing roadmap delivery and managing multiple workstreams to completion, including milestone definition, progress tracking, reporting, and deadline management.
• Advanced degree in Computer Science, Information Security, or related discipline, or equivalent experience.
• Relevant certifications such as BCI (AMBCI/MBCI) or DRII (CBCP).
• Proven competence in communicating confidently and effectively with clients, vendors, and all levels of management, including setting expectations and reinforcing accountability.
• Demonstrated leadership, negotiation, and collaboration skills, with the ability to influence priorities, resolve conflicts, and drive execution across dotted‑line teams.
• Proven ability to manage multiple initiatives concurrently in a fast‑paced, changing environment, maintaining delivery discipline across contributors who do not report directly to the role.

Preferred experience

• Strong knowledge of ISO 22301, ISO 27001/27002, and ISO 31000, applied in an execution‑oversight context.
• Experience with enterprise BC tools, including CL360, to direct consistent use and reporting by contributing teams.
• Business continuity experience supporting large financial institutions or highly regulated clients, where execution is distributed across multiple stakeholders.
• A strong understanding of EY Business and Service Line Risk Priorities, to align and direct continuity execution efforts accordingly.
• Clear comprehension of how risk mitigation resources are allocated alongside other business resources (budget, personl, time), to influence prioritization decisions and resolve competing demands across teams.
• A strong understanding of business team priorities and the ability to define a resiliency strategy that aligns with those priorities, while holding teams accountable for execution.
• Understanding of economic and geopolitical risk factors and trends that must be considered to maintain technology resiliency standards, and to guide teams in adjusting execution plans accordingly.
• Knowledge of international, area, regional, and country regulations regarding Business Continuity and Resiliency, to ensure consistent application across geographically dispersed teams.
• Strong understanding of external resiliency trends and standards, enabling the role to challenge, guide, and validate execution approaches adopted by service lines and technology teams.
• Ability to collaborate effectively across cultures and regions, leading execution through influence, clarity of expectations, and disciplined follow‑through.
• Understanding of KPIs related to service resilience and continuity, including the ability to define, monitor, and report performance expectations for contributing teams.
• Project and service delivery experience, including service transition, with accountability for outcomes delivered by others.
• Familiarity with regulatory requirements impacting business continuity.
• Working knowledge of cloud platforms (Azure, AWS), sufficient to challenge design decisions and validate resilience controls implemented by technology teams.
• Experience with reporting and visualization tools such as Power BI.

What we look for

We are looking for professionals who think critically, communicate clearly, and approach continuity and resilience through a client-service lens. Success in this role requires collaboration, problem-solving, and the ability to translate risk and resilience into confidence for clients and the business—while leading stakeholders through ambiguity to measurable outcomes.