Technology Risk Assurance Managers job at EY
About the Organization
In 2019, we formalized our long-term value approach in the EY NextWave strategy and as a result, we’ve achieved 9.5% compound annual growth (FY 2019–2023) and reached nearly US$50 billion in revenue in FY23, a 14.2% increase in local currency. Long-term value creation is now part of our DNA, and I am proud of the progress it has enabled for EY, highlighted in this EY Value Realized 2023 report.
Job Description
A Technology Risk Assurance Specialist focuses on identifying, assessing, managing, and mitigating risks associated with an organization's technology systems. Their duties revolve around ensuring that IT systems are secure, compliant, and effective in supporting business operations.
Duties and Responsibilities
Risk Assessment:
Conduct thorough assessments of technology risks across various systems and processes.
Identify potential vulnerabilities and threats to IT infrastructure and data.
Risk Management:
Develop and implement risk management strategies and plans.
Monitor and track identified risks, ensuring that mitigation measures are effective.
Compliance:
Ensure IT systems comply with relevant regulations, standards, and policies (e.g., GDPR, HIPAA, ISO 27001).
Stay updated on changes in technology regulations and standards to ensure ongoing compliance.
Audit Support:
Support internal and external IT audits by providing necessary documentation and explanations.
Implement audit recommendations and track their progress.
Policy Development:
Develop and enforce IT risk management policies and procedures.
Ensure policies are communicated effectively to all relevant stakeholders.
Security Controls:
Design and implement security controls to protect IT systems and data.
Regularly test and evaluate the effectiveness of these controls.
Incident Management:
Respond to security incidents and breaches, conducting root cause analysis and implementing corrective actions.
Develop and maintain an incident response plan.
Training and Awareness:
Conduct training sessions and workshops to raise awareness of IT risks and promote best practices among employees.
Develop educational materials and resources to support risk awareness initiatives.
Risk Reporting:
Prepare detailed reports on technology risks, highlighting key findings, trends, and recommendations.
Present risk assessments and reports to senior management and stakeholders.
Vendor Risk Management:
Assess and manage risks associated with third-party vendors and service providers.
Ensure vendors comply with the organization's security and risk management standards.
Continuous Improvement:
Continuously monitor and review IT risk management practices to identify areas for improvement.
Stay informed about emerging technology risks and industry best practices.
Collaboration:
Work closely with IT, security, and business teams to integrate risk management practices into all technology projects and operations.
Foster a culture of risk awareness and proactive risk management throughout the organization.
Business Continuity Planning:
Contribute to the development and maintenance of business continuity and disaster recovery plans.
Ensure IT systems and processes are resilient and can recover quickly from disruptions.
Technical Assessments:
Conduct technical assessments such as penetration testing, vulnerability assessments, and security audits.
Analyze assessment results and provide actionable recommendations for improvement.
Data Privacy:
Ensure that data privacy measures are in place and comply with relevant regulations.
Conduct regular privacy impact assessments and implement data protection measures.
Qualification, Experiences and Competencies
Bachelor's degree in IT, Computer Science, Engineering, Telecommunications
Full certifications: CISA, CISSP, CISM, ISO27001
Experience:
At least 5 years of experience
Experience in managing Technology Risk Assurance engagements.
Competences and experience required:
Deep hands-on experience in IT Risk Assurance, e.g., SOX/ICFR/IFC/SSAE, IT Financial Audit and Business Automated Controls or any other regulatory/compliance audits in a similar role
Thorough knowledge of IT Security aspects in areas like Cloud Computing, Cyber Risks, Network Security, database management systems, SDLC, IT general controls (ITG), COBIT, COSO 2013.
Significant experience leading, planning, executing, and concluding Technology Risk Assurance engagements
Excellent project management skills.
Excellent negotiation skills
Collaborative approach to management.
Knowledge of quality and risk management
Experience in business development including proposal preparation and presentation
How to Apply
APPLICATION FOR THIS POSITION MUST BE DONE ONLINE:
Are you interested? Click the "APPLY" button below to submit your application.