Portfolio Compliance Enablement Leader – EY
Location: Wrocław, Katowice
Hybrid model: 2 days office/3 days remote
Let us introduce you to the job offer by EY GDS Poland – a member of the global integrated service delivery center network by EY. Today's world is fueled by vast amounts of information. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 1000 people who collaborate to support the business of EY by protecting EY and client information assets. Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and respond quickly to security events as they happen.
The opportunity
Working closely with our service lines and functions and with technologists across the world, the Portfolio Compliance Enablement function supports digitally enabled services that take advantage of emerging technologies. The Information Security Portfolio Compliance Enablement Leader leads our EY Portfolio business team to improve their risk posture through compliance enablement with Information Security policies. The role partners with service line leaders and business stakeholders to reinforce policies, control ownership, and compliance responsibilities, maintaining the overall technology compliance posture for the portfolio.
Your Key Responsibilities
- Risk Management and Reduction: Take ownership of security risk and compliance for the Portfolio or Service Line, engaging directly with key EY leaders to reduce risks by providing insights on the top risks impacting the security posture of the businesses. Engage in compliance and risk-based investment planning to mitigate these risks effectively.
- Trend Identification and Remediation: Identify security risk trends and themes that require a comprehensive approach to remediation. Lead and spearhead these efforts, ensuring that risks are mitigated in a timely and efficient manner.
- Proactive Security Initiatives: Proactively seek out and identify security risks, weaknesses, and potential vulnerabilities in systems and processes before they can be exploited and independently stand up initiatives to address them. Improve compliance with security standards and policies through continuous improvement and innovation in security practices.
- Governance, Risk, and Compliance (GRC) Management: Manage the end-to-end workflow of security compliance risk findings in our GRC tool to ensure continuity and compliance with security policies, standards and regulations.
- Define compliance strategies and remediation recommendations that provide pragmatic security guidance balancing business benefit and risks.
- Develop appropriate risk treatment and mitigation options to address security risks identified during security reviews or audits.
- Translate technical vulnerabilities into business risk terminology for the business.
- Maintain compliance framework assessment toolkits used in testing and validation procedures.
- Be accountable for and lead assessments for technology infrastructure, applications and third‑party dependencies, aligning to regulations, best practices and corporate governance.
Skills and Attributes for Success
- Strong leadership and organizational skills.
- Strategic skills to develop a long‑term vision for EY’s risk management security framework & approach.
- Ability to balance firm security needs with business impact & benefit.
- Ability to facilitate incremental security strategy and objectives.
- Understanding of EY’s business objectives and ability to build relationships across EY.
- Experience facilitating meetings, building consensus and mediating compromise.
- Execute top‑down assessment of risk based on policy compliance data and risks.
- Experience conducting risk, vulnerability, vendor and third‑party assessments and recommending remediation strategies.
- Continuous improvement in compliance with Information Security policies.
- Create, promote, and enforce protocols, enabling consistency across stakeholders.
- Investigate policy violations and recommend corrective action.
- Develop training materials and conduct sessions to educate on policies.
- Develop metrics to evaluate policy enforcement effectiveness, generating reports.
- Identify gaps and propose improvements in policy and enforcement.
- Advanced consultative skills to break down complex issues and negotiate solutions.
- Inject cybersecurity compliance into business through teamwork and influence.
- Maintain high integrity, trustworthiness, and professionalism.
- Remain credible with team and external constituents through sustained industry knowledge.
- Proven project leadership with legacy and emerging technologies to manage business risk and enforce security controls.
- Wide‑ranging knowledge in technical infrastructure and applications.
To Qualify for the Role, You Must Have
- Minimum of 10 years’ experience in Cyber Security, Information Security, or related discipline.
- At least 5 years’ experience in a leadership role managing a distributed team.
- Advanced degree in Cyber Security, Information Security, Computer Science or related discipline, or equivalent experience.
- Certifications such as CRISC, CISSP, CISM, CISA, CIA, GIAC, CIPP, or CIPT.
- Experience with ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT.
- Leadership experience with regulatory requirements such as PCI, SOX, HIPAA, HITRUST, GDPR, GLBA.
- Experience with policy enforcement and security compliance in a publicly traded company.
- Understanding of GRC frameworks and tools.
- Excellent communication with clients, vendors, and management.
- Managing communication of security findings and recommendations to IT project teams and management.
- Executive‑level presentation and briefing skills.
- Proven proactive risk mitigation and ability to manage multiple projects in a fast‑paced environment.
- Experience managing end‑to‑end security compliance enablement projects and extensive regulatory experience.
- Strong English language skills.
- Ability to work with diverse teams and promote a collaborative security culture.
- Flexible and adaptable to changing environments.
Ideally, You’ll Also Have
- Exceptional judgment, tact, and decision‑making ability.
- Familiarity with local and regional regulatory requirements and IT policy impact.
- Flexibility to adjust to multiple demands and rapid change.
- Outstanding management, interpersonal, communication, organizational, and decision‑making skills.
- Experience with RSA Archer and/or IBM Open Pages.
- Ability to utilize core risk and control skills in both internal audit and advisory projects.
What We Look For
Individuals who are passionate about information security and demonstrate the ability to apply their knowledge to new and emerging technologies supporting the growth strategy of a global professional services firm.
What We Offer
EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across ten locations worldwide, collaborating with EY teams on exciting projects. We provide continuous learning, flexible success, transformative leadership, and an inclusive culture. Your contributions will help shape a better working world.
About EY
EY exists to build a better working world, helping create long‑term value for clients, people, and society. Our diverse teams provide trust through assurance and help clients grow, transform, and operate.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
In compliance with the Whistleblower Protection Act, our company has established the procedure for reporting breaches of law and undertaking appropriate follow‑up actions. Any misconduct should be reported through the EY Ethics Hotline.
Seniority level: Director
Employment type: Full‑time
Job function: Finance and Sales
Industries: Professional Services