Apply now »

Technology Risk Ch2 - Senior Consultant - Toronto

Location:  Toronto
Other locations:  Primary Location Only
Salary: Competitive
Date:  Nov 12, 2022

Job description

Requisition ID:  699021

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.


Being part of a dynamic, growing organization offers an exciting career path full of opportunity. EY Consulting Services is a $4 billion global practice with 18,000 professionals. With an overall Consulting market of $150 billion, there's tremendous potential for growth - and we're prepared to tap into that potential. Our Consulting team takes a strategic approach to helping clients improve and sustain their business performance. In today's complex business environment that means understanding the relationship between risk and performance improvement and applying our knowledge to help clients achieve their business objectives.

Now more than ever, we need talented people from diverse backgrounds to help our clients navigate the complexities of this Transformative Age: people with the passion, curiosity and drive to make things better. In return, we’ll provide you with an exceptional experience that will develop and enrich you, whenever you join or however long you stay. And should you choose to leave, you’ll be a part of a powerful network of more than 1 million alumni around the world. Sound interesting? Well, this is just the beginning. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. 
We are currently seeking Senior Consultants to join our Technology Risk Practice in Canada.
Technology Risk
Our Technology risk practice, a specialty group within our Business Consulting provides comprehensive risk services that help companies around the world evaluate and enhance their technology, Cybersecurity and internal audit risk management functions. Professionals in this role will work within the National Technology risk practice and will be engaged in multiple types of technology risk related engagements. As a member, you will contribute to Technology risk client engagements and internal projects. An important part of your role will be to actively establish internal and external relationships. You will also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you will anticipate and identify risks within engagements and raise any issues with senior members of the team. In line with EY's commitment to quality, you'll confirm that work is of high quality and is reviewed by the next-level reviewer


Your key responsibilities

  • Establishing relationships with client personnel at appropriate levels. Consistently delivering quality client services. Monitoring progress, managing risks and ensuring key stakeholders are kept informed about progress and expected outcomes. Staying abreast of current business and industry trends relevant to the client’s business
  • Demonstrate in-depth technical capabilities and professional knowledge. Demonstrate ability to assimilate to new knowledge.
  • Possessing good business acumen. Remaining current on new developments in Advisory services, capabilities and industry knowledge
  • Improving clients' efficiency and effectiveness through the design of their operations, processes, risk, controls, information technology and business functions
  • Executing procedures, performing detailed data analysis, reaching conclusions, documenting results and suggesting ideas for efficiencies
  • Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations.
  • Taking full responsibility for tasks, including consistent review of own work to identify and improve an approach for producing high quality
  • Technology and Cybersecurity Audits – Execution of IT related audit procedures (beyond ITGCs), audits against NIST and other information security frameworks, Audits to support Internal Controls over Financial Reporting and SOX on behalf of management or internal/external audits
  • Internal Controls Support: Focus on providing recommendations for IT General Controls and IT enabled business processes
  • Service organization reporting – Focus on the issuance of third-party reports in the form of 3416 reports, SOC 1 & SOC 2 reports, etc.
  • Provide high quality professional day-to-day management of engagements/projects supporting IT Transformation.
  • Understand EY’s practices and broader service offerings and identify potential opportunities to improve such service offerings
  • Lead and manage projects that help clients assess their process and IT risk program maturity, develop recommendations and implement those recommendation. Their IT risk program could include application, infrastructure and third-party risk management.
  • Lead and support on-site coordination role for clients including planning, briefing team on the client's IT environment and industry IT trends, communicating with the clients and completing consulting and/or audit engagements
  • Maintain relationships with clients to manage expectations of service, including work products, timing, and the value to be delivered.
  • Prepare IT reports on the adequacy and effectiveness of control structure, along with practical recommendations to improve the effectiveness, efficiency of a control or process.
  • Able to discuss and resolve issues and recommendations with client management.
  • Demonstrate a thorough understanding of complex information systems and apply it to client situations
  • Lead and provide relevant support to the teams of senior consultants and consultants, including delivering formal IT Governance, Risk and Controls related trainings.
  • Maintain long-term client relationships and networks as well as cultivate business development opportunities.


Skills and attributes for success

  • Strong skills in project management 
  • Strong technical skills and deep understanding of IT Governance, Risk, Security and Controls 
  • Strong analytical, interpersonal and communication skills and a strong desire to work in a team environment
  • Demonstrated integrity, values, principles, and work ethic
  • Strong experience interacting with clients at all levels including Leadership 
  • Strong written, communication, and presentation skills
  • Strong team working abilities
  • A passion to contribute to the continued growth of the practice


  • A minimum of 3-5 years of experience in one or more of the following areas: technology risk, Cybersecurity, IT risk assessments, IT Controls and audit, IT Operations and administration, IT Security Operations, IT Program Management and/or Technology implementation and transformation projects
  • Bachelor’s Degree (or higher) in Business Administration, Commerce, Computer Science, Management Information Systems, Engineering, Information Security and/or other related majors
  • Possessing relevant designation(s) or working towards one (e.g., CISA, CRISC, PMP, CIPP, CDPSE etc.) is required.
  • Knowledge and/or hands-on experience with key components of cybersecurity and technology controls such as application security, network & infrastructure security, access and identity management, change management, business continuity, incident management, vulnerability management, risk and compliance, data protection, cloud security, privacy, third party risk and others
  • Hands-on experience and/or demonstrated knowledge of COBIT, NIST, ITIL, ISO 27000 series or other IT frameworks
  • Proficiency using SharePoint and MS Office Suite including Excel, Word, OneNote and PowerPoint.
  • Demonstrated knowledge in Emerging technologies such as Cloud, Robotic Process Automation, Blockchain would be an asset
  • Demonstrated knowledge of service organization reporting standards would be an asset.
  • Demonstrated knowledge of specific platforms such as SAP, Oracle, Guidewire, etc. and/or programming languages would be an asset.
  • Experience with data and analytics and reporting tools, such as Power BI, PowerApps or Python libraries/R is an asset.


Diversity and Inclusion at EY


Diversity and inclusiveness are at the heart of who we are and how we work. We’re committed to fostering an environment where differences are valued, policies and practices are equitable, and our people feel a sense of belonging. From our actions to combat systemic racism and our advocacy for the LGBT+ community to our innovative Neurodiversity Centre of Excellence and Accessibility initiatives, we welcome and embrace the diverse experiences, abilities, backgrounds and perspectives that make our people unique and help guide us. Because when people feel free to be their authentic selves at work, they bring their best and are empowered to build a better working world.


What we offer


At EY, our Total Rewards package supports our commitment to creating a leading people culture - built on high-performance teaming - where everyone can achieve their potential and contribute to building a better working world for our people, our clients and our communities. It's one of the many reasons we repeatedly win awards for being a great place to work.


We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package allows you decide which benefits are right for you and which ones help you create a solid foundation for your future. Our Total Rewards package includes a comprehensive medical, prescription drug and dental coverage, a defined contribution pension plan, a great vacation policy plus firm paid days that allow you to enjoy longer long weekends throughout the year, statutory holidays and paid personal days (based on province of residence), and a range of exciting programs and benefits designed to support your physical, financial and social well-being. Plus, we offer:

  • Support and coaching from some of the most engaging colleagues in the industry
  • Learning opportunities to develop new skills and progress your career
  • The freedom and flexibility to handle your role in a way that’s right for you


EY Way of Work and your health and safety


EY Way of Work recognizes flexibility in the way we collaborate, innovate and deliver with the ability to work in-person and remotely. To support a healthy and safe in-person working environment, EY has implemented various layers of health and safety controls while working in the office or at client or other locations. A critical component of EY’s workplace safety program includes our COVID-19 vaccination policy which requires all personnel to be fully vaccinated against COVID-19 unless an accommodation based on a reason protected by human rights legislation is provided. 


If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.


Make your mark. Apply today.


EY is committed to inclusiveness, equity and accessibility. We encourage all qualified candidates to apply


EY | Building a better working world 


EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.


Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  


Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.  

Apply now »