Quality - Senior Manger
Job description
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
Contract Risk Lead
Function: Delivery Excellence, Quality and Risk Management at GDS consulting
Job level: Associate Director / Senior Manager
Role Summary
The Contract Risk Lead is responsible for assessing, governing, and monitoring contractual, regulatory, privacy, security, operational, AI, and delivery risks associated with GDS-supported engagements. The role ensures that contract obligations, regulatory requirements, client-specific commitments, and internal risk policies are understood, operationalized, and continuously monitored throughout the engagement lifecycle.
The individual will partner with Legal, Quality & Risk Management, Data Privacy, Information Security, Delivery Excellence, ODC, AI Governance, and Engagement teams to proactively identify risks, provide mitigation guidance, and support predictable, compliant delivery.
Key Responsibilities
Contract Risk Assessment & Governance
- Review Statements of Work (SOWs), MSAs, Change Requests, Service Agreements, and subcontractor agreements.
- Identify contractual obligations that may impact delivery, security, privacy, staffing, geography, subcontracting, hosting, AI usage, or operational processes.
- Translate contractual requirements into actionable delivery controls and compliance obligations.
- Maintain a repository of contract risk clauses, deviations, exceptions, and mitigation actions.
- Provide risk sign-offs and recommendations for complex or high-risk engagements.
Data Privacy & Regulatory Compliance
- Assess contracts for privacy and data protection obligations.
- Evaluate applicability of:
- GDPR
- UK GDPR
- EU AI Act
- Digital Operational Resilience Act (DORA)
- Local country privacy regulations
- Sector-specific regulations (Financial Services, Healthcare, Public Sector, etc.)
- Ensure compliance requirements are incorporated into delivery plans.
- Support privacy impact assessments and data processing reviews.
- Review cross-border data transfer requirements and restrictions.
AI Risk & Responsible AI Compliance
- Assess contractual requirements related to AI, GenAI, Machine Learning, Automation, and Data Usage.
- Identify AI-related obligations including:
- Transparency requirements
- Model governance requirements
- Human oversight requirements
- Data governance obligations
- AI security controls
- AI auditability requirements
- Partner with AI governance teams to assess compliance with emerging AI regulations and client mandates.
- Review third-party AI tool usage and associated contractual restrictions.
Information Security & Data Protection
- Evaluate engagement compliance with:
- Information Security policies
- Client security requirements
- Data handling obligations
- Encryption standards
- Access management requirements
- Incident reporting obligations
- Validate alignment with privacy, security, and confidentiality commitments.
- Participate in security reviews, spot audits, and compliance assessments
ODC Governance & Audit Readiness
- Review contractual clauses governing Offshore Delivery Centers (ODCs).
- Support ODC setup governance and compliance validation.
- Ensure contractual commitments are reflected in ODC operational controls.
- Participate in ODC readiness reviews and audits.
- Drive audit remediation and closure of identified findings.
Delivery & Operational Risk Management
- Assess delivery risks arising from:
- Resource location restrictions
- Client-specific delivery controls
- Segregation requirements
- Staffing commitments
- Subcontractor usage
- Service-level obligations
- Transition and transformation commitments
- Work with Delivery Excellence teams to ensure contractual obligations are reflected in project governance.
- Identify risks early and recommend preventive actions.
Compliance Monitoring & Assurance
- Establish risk control frameworks for high-risk engagements.
- Monitor compliance throughout the engagement lifecycle.
- Perform periodic reviews of:
- Contractual compliance
- Data privacy compliance
- Security compliance
- AI compliance
- ODC compliance
- Support internal and external audits.
- Track remediation plans and risk closure.
Stakeholder Management
- Partner with:
- Legal
- Quality & Risk Management
- Data Privacy Officers
- Information Security Teams
- Delivery Excellence Teams
- Client Service Teams
- Engagement Leaders
- Serve as trusted advisor for contract risk interpretation and mitigation.
- Present risk assessments and recommendations to leadership forums.
Qualifications
Education
- Bachelor's degree required.
- Master's degree, Law degree, or Risk/Compliance qualification preferred.
Experience
- 10–15 years of relevant experience in:
- Contract management
- Risk management
- Data privacy
- Regulatory compliance
- Information security governance
- Consulting or professional services environments
Preferred Certifications
- CIPP/E, CIPM, CIPT
- CRISC
- CISA
- ISO 27001 Lead Auditor
- CISSP
- Certified Contract Manager (CCM)
- AI Governance / Responsible AI certifications
Critical Skills
Contract & Legal
- Contract interpretation
- Commercial risk assessment
- Regulatory analysis
- Negotiation support
Risk & Compliance
- Enterprise risk management
- Compliance assessments
- Audit management
- Risk reporting
Data Privacy & Security
- GDPR
- Privacy-by-design
- Cross-border data transfers
- Cybersecurity controls
- Data classification and handling
AI Governance
- EU AI Act awareness
- Responsible AI principles
- AI risk assessments
- Third-party AI vendor evaluation
Business & Leadership
- Executive communication
- Stakeholder influence
- Decision-making under ambiguity
- Ability to translate legal and regulatory requirements into practical delivery controls
Success Measures (KPIs)
- High-risk contracts reviewed before delivery initiation.
- Reduction in contract-related escalations and compliance breaches.
- ODC audit pass rate.
- Timely closure of audit and compliance findings.
- Zero material privacy/security violations attributable to contractual non-compliance.
- AI compliance assessments completed for applicable engagements.
- Percentage of high-risk engagements covered by proactive contract risk reviews.
- Leadership satisfaction with risk advisory support.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.