
TC-CS-SRCR-Manager-IT Governance

Location:  Pune
Other locations:  Primary Location Only
Salary: Competitive
Date:  Apr 25, 2024

Job description

Requisition ID:  1492422

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

 

 

 

 

Job Title

Cybersecurity Governance Manager

 

Job Description

The Governance Manager will manage the Enterprise Cybersecurity Governance organization and is essential to the effective identification, prioritization and mitigation of security and compliance risks. The successful candidate will possess strong analytical skills and experience, knowledge of the global cybersecurity industry (e.g., standards, regulations, trends, systems security configuration best practices), and be an excellent communicator.

 

Job Responsibilities

 

  • Maintain strong knowledge and understanding of the global operating environment and the enterprise cybersecurity landscape, as well as the Enterprise Cybersecurity Governance Framework (ECGF) and its inherent components.
  • Maintain strong knowledge of adopted cybersecurity standards, frameworks, and applicable regulatory obligations (e.g., ISO-27001/2, PCI, CMMC, CIS, NIST)
  • Develop and execute a robust monitoring program for on-going processes and procedures across key domains within the enterprise cybersecurity program.
  • Engage cybersecurity process owners in understanding identified issues, incidents, and other noted anomalies, providing relevant input/review insights, while integrating technical expertise and business understanding to propose innovative solutions to complex problems as applicable.
  • Track and monitor identified problems (i.e., incidents, exceptions, anomalies)
  • Work on complex problems where analysis of situations or data requires an in-depth evaluation of multiple factors, providing mentoring and guidance to relevant SMEs
  • Exercise significant independent judgment to determine best method for accomplishing work and achieving objectives.
  • Assess new security processes, or changes to existing ones, and follow the change management process to make improvements as applicable.
  • Establish and maintain relationships with key business partners across the organization.
  • Serve as a liaison in internal and external audits, provide supporting evidence and assess any identified issues and remediation action plans.
  • Partner with security SMEs and stakeholders across the enterprise in conducting root cause analysis of security incidents, exceptions, and anomalies.
  • Consistently demonstrate excellent stakeholder collaboration, communication, and customer-oriented skills, and project management capabilities

 

Basic Qualifications

 

  • Bachelor’s degree from an accredited college/university
  • At least two (2) relevant cybersecurity certifications (e.g., CISM, CISSP, CCSP, GIAC, CISA, CRISC).
  • 10+ years working with global cybersecurity industry standards, frameworks, and regulatory requirements such as ISO-27001/2, PCI, CMMC, NYDFS, FFIEC, SWIFT, CTPAT
  • 5+ years of experience working with the Microsoft Office/O365 Suite
  • 5+ years of data management, analysis, transformation, systems workflow modeling and implementation
  • IT consulting experience is a plus.

 

Key Competencies

  • Excellent written and verbal communication with ability to explain complex issues to technical and non-technical users across the enterprise.
  • Strong organizational skills with the ability to follow and assess adherence to standard processes.
  • Strong analytical and critical thinking skills
  • Ability to adjust to multiple demands, changing priorities, and rapid change, while multitasking effectively
  • Strong collaboration and coordination skills

 

 

Ideal Candidate Will Also Have

  • Experience reviewing independent audit attestations such as SOC 2 Type 2 or ISO 27001
  • Knowledge of information security frameworks, ISO 27001, ISO 27002, NIST CSF, NIST 800-82
  • One or more professional information security certifications from an accredited institution: CTPRP, CTPRA, CISSP, CRISC, SANS/GSEC, CCSP

 

 

 

 

 

EY | Building a better working world 


 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  


 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  


 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.  
