IT Risk Management Manager

Core Business Services
Requisition #: UNI00ELL

EY Technology:


Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 250,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. That covers everything from the laptops we use, to the ability to work remotely on our mobile devices and connect our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and are key to us being more innovative as an organization.


EY Technology supports our technology needs through three business units:


Client Technology (CT) - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster, and pursue those opportunities more rapidly.

Enterprise Workplace Technology (EWT) – EWT supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. EWT will also support our internal technology needs by focusing on a better user experience.

Information Security (Info Sec) - Info Sec prevents, detects, responds to and mitigates cyber-risk, protecting EY and client data, and our information management systems.

The opportunity

The role of the IT Risk Management (ITRM) Manager is to enable the conduct of business, through proactive identification, assessment, and mitigation, of IT risks facing EY personnel, facilities, and operations around the globe. They will assume the key role for the creation, development, and on-going management and maintenance of IT Risk related training programs, communications, learning videos, newsletters and other collateral. This individual is a top leader in the IT Risk Management function who enables a critical service to EY Technology.


Your key responsibilities

The IT Risk Management function creates and maintains EY Technology’s risk management framework, processes, tooling, and strategy. Our primary objectives are to enable EY Technology to build a risk-aware culture, reduce IT risk, defend against internal and external threats, and protect client and EY data.


The ITRM Manager is responsible for partnering closely with the Global IT Risk Management leader to set and drive the IT Risk Management vision, strategy, goals, and objectives for the three EY Technology organizations. The primary objectives for this role are to enable EY Technology to build a risk-aware culture, reduce IT risk, defend against internal and external threats, and protect client and EY data.

Skills and attributes for success
  • In partnership with the Global IT Risk Management Leader, drives technology risk agenda with CISO, EY Global Risk Leader, Enterprise Risk Management Leader for EY, EY Global Policy Leader, EY Global Business Continuity Leader, EY Global Data Protection Network Leaders, Global Internal Audit Technology Leader, and EY Legal Counsel.

  • Directs EY Technology’s risk methodology, processes, and tools, including our program and project management risk methodology

  • Represents EY Technology organizations as one of the primary EY Technology liaisons with the Americas Data Protection Network, Global Data Protection network, and Information Governance Steering Committee

  • Executes technology risk assessments throughout the EY Technology enterprise, which will reveal risks for top-level executives that impact business processes, performance and strategy.

  • Identify, assess, measure, manage, monitor, and report every aspect of the risk function and its maturity within the three EY Technology organizations

  • Assists in directing the strategy and roadmap for maturing the risk management capability in the three EY Technology organizations

  • Consult on Enterprise programs to embed risk-based decision-making

  • Consult and provide direction to leaders in EY Technology on effective risk mitigation strategies

  • In partnership with the Global IT Risk Management Leader, drive adoption of industry leading risk management practices

  • Deliver risk intelligence to EY Technology leaders to enable informed decision-making

  • Co-lead the risk reporting, communication, and learning strategy for EY Technology 

To qualify for the role you must have
  • An in-depth understanding of ISO 27002, ISO 27001, ISO 31000 frameworks and applying these frameworks

  • Familiarity with local and regional regulatory requirements and how they impact IT policies

  • Experience with RSA Archer
  • Experience managing the communication to senior leaders in relation to our risk management program

  • Projects advanced consultative skills to conduct effective questioning to break down complex issues into core elements, formulate appropriate ideas or planning and negotiate those ideas and plans clearly and concisely to advance a cooperative engagement by all levels of the organization including senior and/or executive management. 

  • Solid ability to guide or develop actionable roadmaps and to implement in an efficient way to drive all risk management directives.

  • An ability to utilize core risk and controls skills in a broad range of projects both in a traditional internal audit and in advisory projects aimed at assisting in the implementation of controls / improvements.

  • Experience in developing and executing reporting strategies
  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change

  • Demonstrated ability to multitask and prioritize in a fast-paced environment

  • Outstanding interpersonal, communication, organizational, and decision-making skills

  • Strong judgment and analytical ability
  • Ability to communicate and gain support for initiatives
  • Strong English language skills; excellent writing, presentation, interpersonal, and communication skills are required

  • Ability to understand and integrate cultural differences and motives and to lead cross cultural teams.

  • Professional; quickly establishes personal credibility and demonstrates expertise.

  • 10 or more years of experience in the Information Technology, Information Security and/or IT Risk Management field(s).

  • 5+ years of experience in managing senior staff/management staff in Governance, Risk, and Compliance

  • An advanced degree in Computer Science, Information Security or a related discipline, or equivalent work experience.

  • One or more of the following or equivalent certifications preferred: Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT

Ideally, you’ll also have
  • Experience in IT Risk Management and/or Information Security disciplines

  • Experience in communicating to all levels of management, clients and vendors

  • A working knowledge of policy frameworks such as ISO, COBIT and unified compliance framework

  • Ability to appropriately balance internal functional needs with business impact and benefit

  • Skilled in executive level presentations and briefings
  • Solid knowledge and working experience in governance, risk and compliance as applies to technology

  • Proactively maintains a comprehensive knowledge of the core business and financial drivers of EY’s service lines as well as the operating environment within IT.  Works with peers and others in service specific IT groups to support the proper recognition of risk issues or to proactively position risk mitigation and other service improvement opportunities or to engage with others in the area of continuous improvement.

  • Good appreciation of the business benefits of internal control and good risk management and not just for compliance purposes (i.e., not limited to SOX, PCI or other regulatory mainstay drivers). 

What working at EY offers

We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer: 

  • Support, coaching and feedback from some of the most engaging colleagues around

  • Opportunities to develop new skills and progress your career

  • The freedom and flexibility to handle your role in a way that’s right for you 

EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.

About EY

As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we’ll make our ambition to be the best employer by 2020 a reality.


If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.


Join us in building a better working world.

Apply now.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

