Information Security Compliance Specialist

New York, 9 days ago, Full-time, External
Negotiable
At EY, we are dedicated to helping shape your future with confidence. Join our dynamic and diverse teams and take your career wherever you want it to go. By joining EY, you become a part of our mission to build a better working world.

In today’s data-driven landscape, information has never been more valuable. At EY, protecting data and information systems is paramount, and our Information Security professionals play a vital role in this effort. Join our global team of over 1000 experts committed to safeguarding EY and client information assets. Together, we enhance EY's reputation while building client trust through secure and innovative solutions.

The Opportunity

As an Information Security Compliance Specialist within the Compliance Enablement function, you will collaborate with technologists across the globe to ensure our digital services adhere to Information Security policies. Your role is integral in enhancing the risk posture of business teams and partnering with leaders to maintain compliance across our global, regional, and local systems and assets. This position focuses on governance and oversight, ensuring our security practices meet legal standards while protecting data privacy.

Key Responsibilities

• Assist with managing the security risk and compliance portfolio, engaging with key EY stakeholders to provide insights on critical risks affecting business security.
• Identify and report on security risk trends that necessitate comprehensive remediation efforts.
• Proactively uncover security vulnerabilities and weaknesses in systems before they become threats, promoting continuous improvement in compliance practices.
• Manage the workflows of security compliance findings within our Governance, Risk, and Compliance (GRC) tool, ensuring adherence to policies and standards.

Additional responsibilities include:

• Lead projects aimed at improving EY's risk posture.
• Develop compliance strategies and remediation plans.
• Work closely with stakeholders to reinforce compliance responsibilities and communicate security findings effectively.
• Contribute to innovation and proactive initiatives to enhance security practices.
• Translate technical vulnerabilities into understandable business risks.
• Maintain and update compliance assessment toolkits.
• Conduct assessments for technology infrastructure and applications to evaluate compliance effectiveness.
• Drive compliance improvements through project management and innovation in security processes.

Skills and Attributes for Success

• Demonstrated experience in compliance management within Information Security.
• A strong ability to balance security requirements with business needs.
• Exceptional leadership and organizational skills.
• Ability to foster relationships that facilitate compliance with security policies.
• Experience in risk assessments and recommending effective remediation strategies.
• Proficient in developing and overseeing enforcement protocols.
• Strong communication skills, with the ability to negotiate complex issues.
• Knowledge of technical infrastructures and applications relevant to security.
• Capability to collaborate effectively across diverse teams.
• Metrics-driven mindset to evaluate policy effectiveness and generate reports.
• A high level of integrity and professionalism in representing the company.

To Qualify for the Role, You Must Have

• A minimum of 8 years' experience in Cyber Security or a related field.
• A minimum of 3 years' experience in a leadership role managing a team.
• A degree in Cybersecurity, Information Security, Computer Science, or a related discipline; or equivalent work experience.
• One or more certifications such as CRISC, CISSP, CISM, CISA, CIA, GIAC, CIPP, or CIPT.
• Familiarity with security standards including ISO 27001/27002, NIST, and PCI DSS.
• Understanding of governance, risk, and compliance (GRC) frameworks.
• Experience with regulatory requirements such as PCI, SOX, HIPAA, GDPR, and GLBA.
• A proven track record of identifying and mitigating security risks preemptively.
• Ability to engage with and manage communication with diverse teams.
• Strong English communication skills.

Ideally, You'll Also Have

• Good judgment and decision-making abilities.
• Familiarity with local and regional regulations.
• Adaptability to evolving priorities and business needs.
• Exceptional management and organizational skills.
• Proven project management skills, with PMP certification or relevant experience.
• Hands-on experience with GRC platforms like RSA Archer or IBM OpenPages.

What We Look For

We seek individuals who are passionate about information security and have the ability to apply their knowledge to new technologies supporting our global growth strategy.

What We Offer You

Our comprehensive compensation and benefits package corresponds to your performance and the value you bring to EY. The base salary range in the US is $128,100 to $239,600, with additional specifics for regions such as New York City, Washington State, and California. Your compensation includes medical and dental coverage, pension plans, and various paid time off options. Join us in our hybrid model, where collaboration in person is expected 40-60% of the time. Under our flexible vacation policy, you’ll manage your time off based on personal circumstances.

Are you ready to shape your future with confidence? Apply today!

For those living in California, additional information is available. At EY, we emphasize high ethical standards and integrity, and we expect candidates to embody these values.

EY | Building a better working world

EY is committed to creating new value across sectors and building trust while enhancing the future with data and technology for our clients. We provide equal employment opportunities and are dedicated to accommodating individuals with disabilities during the application process.