Informacje o stanowisku

The opportunity

Working closely with our service lines and functions and with our technologists across the world, the Portfolio Compliance Enablement function supports digitally enabled services that take advantage of emerging technologies in concert with EY’s broad industry-specific experience and professional services knowledge. The Information Security Portfolio Compliance Enablement Leader leads our EY Portfolio business team to improve their risk posture through compliance enablement with Information Security policies. This role partners with SL/Functional leaders and business stakeholders to reinforce policies, control ownership, and compliance responsibilities. They are responsible for maintaining the overall technology compliance posture for the portfolio through effective governance and oversight. Additionally, this role ensures compliance with laws, rules, and regulations governing the company’s technology, including third-party and vendor dependencies.

The role involves comprehensive management of the Portfolio and service line risks, engaging with EY Leaders to reduce risk by ensuring technical systems and information assets are protected in line with compliance requirements through proactive management and risk hunting. It focuses on end-to-end security compliance enablement, identifying, evaluating, and reporting on information security risks related to technological systems and software.

As a Portfolio Compliance Enablement Lead within EY’s Global Information Security, this individual will serve as a trusted compliance advisor, managing a team of specialists to improve EY’s risk posture, guide projects, lead risk reduction initiatives, and communicate security vulnerabilities in business risk terms. The role aims to enhance the Service Line’s capacity to manage and mitigate security risks, protecting the companys reputation and accelerating secure technology use.

This role will collaborate with Information Security leaders to implement strategy, vision, and objectives.

Your key responsibilities

This position manages the compliance portfolio for global, regional, and country assets and systems. It involves supporting multiple projects and leading a team of compliance specialists to improve risk posture, requiring a deep understanding of the Service Line, business drivers, risks, and compliance data analysis.

You will lead a team focusing on:

• Risk Management and Reduction: Engage with EY leaders to reduce security risks through insights and risk-based investment planning.
• Trend Identification and Remediation: Identify and address security risk trends proactively.
• Proactive Security Initiatives: Detect vulnerabilities early and lead initiatives to address them, continuously improving security practices.
• GRC Management: Oversee security compliance workflows within our GRC tools to ensure adherence to policies and standards.

Additional responsibilities include defining compliance strategies, developing risk mitigation options, translating vulnerabilities into business risks, maintaining assessment frameworks, and leading infrastructure and third-party risk assessments.

Skills and attributes for success

Extensive security experience, leadership skills, strategic thinking, relationship-building, risk assessment expertise, and a proactive approach to security compliance are essential. Candidates should be able to communicate effectively, influence stakeholders, and manage multiple projects efficiently.

To qualify for the role, you must have

• At least 10 years in Cyber Security or related fields
• Minimum 5 years in a leadership role managing a distributed team
• Advanced degree or equivalent experience
• Certifications such as CISSP, CISM, CISA, etc.
• Experience with security standards (ISO, NIST, PCI DSS, etc.) and regulations (GDPR, HIPAA, etc.)

Ideally, you’ll also have

• Exceptional judgment, regulatory familiarity, adaptability, and leadership skills
• Experience with tools like RSA Archer or IBM Open Pages

What we look for

Passion for information security and the ability to apply knowledge to emerging technologies supporting a global firm’s growth.

What we offer

• Global delivery network opportunities
• Continuous learning and development
• Flexible work environment and leadership growth
• Diversity and inclusion

Wrocław - Oferty pracy w okolicznych lokalizacjach