Let us introduce you to the job offer by EY GDS Poland – a member of the global integrated service delivery center network by EY.

Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 1000 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust.

Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value.

The opportunity

Working closely with our service lines and functions and with our technologists across the world, the Portfolio Compliance Enablement function supports digitally enabled services that take advantage of emerging technologies in concert with EY’s broad industry-specific experience and professional services knowledge. The Information Security Portfolio Compliance Enablement Leader leads our EY Portfolio business team to improve their risk posture through compliance enablement with Information Security policies.

This lead will partner with requisite SL/Functional leaders and business stakeholders to reinforce policies, control ownership, and compliance responsibilities. They are responsible for and will maintain the overall technology compliance posture for the portfolio leveraging effective governance and oversight. In addition to requiring adequate information security controls, data protection, privacy and software development practices, this role is responsible for helping the organization understand and comply with all laws, rules and regulations governing the company’s technology, including third parties and vendor dependencies.

The role involves comprehensive management of the Portfolio and service line of risk with the primary accountability of reducing that risk by engaging directly with key EY Leaders and ensures the company’s technical systems and information assets are protected in accordance with compliance requirements by doing pro-active compliance management and compliance hunting.

Your key responsibilities

This position is a leading role in managing the compliance portfolio for all global, regional, and country-based assets and systems. As a compliance consultant dedicated to the EY Service Line and function, you will be both an individual contributor capable of supporting multiple projects and lead a team of compliance specialists focused on improving the risk posture of the Service Line or function.

• Risk Management and Reduction: Take ownership of the Portfolio or Service Line of security risk and compliance, engaging directly with key EY leaders to reduce risks by providing insights on top risks impacting the security posture of the businesses.
• Trend Identification and Remediation: Identify security risk trends and themes that require a comprehensive approach to remediation. Lead and spearhead these efforts, ensuring that risks are mitigated in a timely and efficient manner.
• Proactive Security Initiatives: Proactively seeking out and identifying security risks, weaknesses, and potential vulnerabilities in systems and processes before they can be exploited and independently stand-up initiatives to address them.
• Governance, Risk, and Compliance (GRC) Management: Manage the end-to-end workflow of security compliance of risk findings in our Governance, Risk, and Compliance (GRC) tool to ensure continuity and compliance with security policies, standards and regulations.

Skills and attributes for success

Significant working security experience and knowledge in the management of compliance with company security policies in the following areas:

• Strong leadership and organizational skills
• Strategic skills to assist with the development of a long-term vision for EY’s risk management security framework & approach
• Ability to appropriately balance firm security needs with business impact & benefit
• Ability to facilitate compromise to incrementally advance security strategy and objectives

To qualify for the role, you must have

A minimum of 10 years experience in the field of Cyber Security, Information Security, or related discipline

• At least 5 years’ experience in a leadership role managing a distributed team and workforce
• Advanced degree in Cyber Security, Information Security, Computer Science or a related discipline; or equivalent work experience
• One or more of the following or equivalent certifications: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Processional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT

EY is an equal opportunities employer and welcomes applications from all candidates. We are committed to building a culture of inclusivity and respect, and we encourage applications from diverse candidates.