CT IT Risk Specialist, EY Core Business Services, Virtual (Salary Not Disclosed)

July 16, 2020 | News/Articles

The role of the Client Technology (CT) IT Risk Specialist is to enable the conduct of business, through proactive identification, assessment, and mitigation, of IT risks facing EY personnel, facilities, and operations around the globe.

A working knowledge of policy frameworks such as ISO, COBIT and unified compliance framework

Your key responsibilities:

  • The IT Risk Management function creates and maintains EY Technologies’ risk management framework, processes, tooling, and strategy. Our primary objectives are to enable EY Technology to build a risk-aware culture, reduce IT risk, defend against internal and external threats, and protect client and EY data.
  • As an Assistant Director in the CT IT Risk team, you will participate in the management of risk across CT including the engagement of firm leadership with Client Technology, the management/remediation of information and technology risks, the interface to operational and business risk activities. You will partner closely with the CT IT Risk Leader and broader Global IT Risk Management team to execute on the vision, strategy, goals, and objectives for IT Risk Management. The primary objectives for this role are to enable CT to build a risk-aware culture, reduce IT risk, defend against internal and external threats, and protect client and EY data.
  • You will aid the organization in understanding the importance of making risk-aware business decisions by supporting risk and security knowledge and championing the need for a risk interventions and plans. You will also be critical to strengthening our risk and security position and continuous improvements to support business objectives and strategies.
  • Under direct supervision of the CT Risk Leader, the CT Risk Specialist is responsible for:
  • Building and maintaining an understanding of the CT organization and key players within it to facilitate quick and accurate communications to appropriate teams.
  • Subject matter expertise in IT risk assessment methodologies
  • Coordinating participation and tracking progress of internal and external audits, including: Info Sec assessments, Code of Connection audits, IT Risk Management Audits, Global Internal Audits, and external regulatory audits
  • Evangelizing a risk-aware culture and executing on IT Risk Management defined education and awareness plans
  • Improving data quality across the CT organization
  • Improving resiliency of systems and processes across the CT organization
  • Assisting with compliance and risk mitigation process improvement
  • Understanding of eGRC system and associated reporting
  • Understanding of risk management practices, including audits, assessments, controls, and risk registers
  • Work with leadership to determine areas for focus for risk assessments, develop assessment plan and timeline
  • Analyze data, statistics, and reports to ascertain trends and conclusions to present to CT leadership

For More Info. Go to: