Information Security Control Assessor

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

Control & Risk Compliance Analyst (GDS Philippines)

Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team helps protect the EY brand and build client trust.

Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value.

The opportunity

The Technology Assurance, Risk, and Policy (TARP) function within Information Security strives to create and promote a holistic Governance, Risk, and Compliance (GRC) program by creating a robust, resilient, and proactive governance framework, supported by a strategic risk management approach and stringent compliance structures. It aims to integrate and align its GRC initiatives in line with the global firms objectives and emerging threats within the cybersecurity landscape.

Furthermore, the Policy, Risk, and Controls (PRC) Enablement & Awareness team aims to establish policies and procedures that reflect the value we place on safeguarding our digital environment, while ensuring that these policies are effectively communicated and enforced across all levels of the organization. The Control & Risk Assessment team sits within PRC Enablement & Awareness and aims to directly enables the GRC program by designing control testing and risk assessment methodology to measure and quantify compliance to policies and control objectives.

Your Key Responsibilities

The Control & Risk Compliance Analyst will be expected to execute control testing plans, following the model for 1st line and 2nd line testing best-practice strategies. They will be responsible for routinely testing and assesses the effectiveness and efficiency of Information Security controls put in place to mitigate risks to determine if they are supporting the desired business outcomes under the support and direction of the Control & Risk Compliance team leaders. Test plans include, but are not limited to, self-assessment questionnaires, control testing, and process assessments.

Collaboration with other Information Security groups and external stakeholders across EY is key to this role. The primary service offering the Control & Risk Compliance Analyst will support is the EY China Compliance Program. This will mean they will need to work primarily with EY China stakeholders to evaluate and assess EY China’s compliance to Global InfoSec’s policies and control objectives. There will also be requirements to partner with other multi-departmental and multi-level stakeholders inclusive of, but not limited to Information Security, Client and Enterprise Technology, Data Protection, Global and Enterprise Risk Management, Internal Audit, Area and Regional Risk & Data teams, Service Line Quality Leaders, etc

Skills And Attributes For Success

• Execute and complete test plans for a variety of Information Security controls across the full scope of a Technology Risk Universe
• Based on results of assessments and testing, assist control owners with the design and implementation of their controls in the organizations IT environment.
• Build and maintain appropriate relationships with internal and external stakeholders.
• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
• Outstanding interpersonal, communication, organizational, and decision-making skills.
• Ability to understand and integrate cultural differences to effectively participate on cross cultural teams.
• Act as a thought leader in the firm, staying informed of changes in information security, regulatory requirements, audit standards, and industry trends, adjusting strategies, as necessary.
• Demonstrate integrity and judgment within a professional environment.
  
  

To qualify for the role you must have

• 2+ years of experience in the Information Technology, Information Security and/or Risk Management field(s).
• Audit experience or a demonstrated ability to design and test technology controls.
• Experience working on global and virtual teams.
• High proficiency in speaking, reading, and writing skills in English (primary).
• Moderate proficiency in speaking, reading, and writing skills in Mandarin (secondary).
• An advanced degree in Computer Science, Information Security, or a related field; equivalent work experience will be considered on a case-by-case basis.
  
  

Ideally, you’ll also have

• A working knowledge of external control standards like ISO 27001, NIST 800-53, COBIT, etc and regulatory requirements like GDPR and SOX.
• Skilled in Microsoft Office and M365 products; primarily Word, Excel, PowerPoint, SharePoint, PowerApps, and PowerBI.
• Flexibility to work outside of normal business hours when engaging with team members and stakeholders in various time zones.
• Interest and ability to obtain one or more of the following or equivalent certifications: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Processional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT.
  
  

What We Offer

As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer:

• Continuous learning: You will develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way.
• Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs.
  
  

We ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodations.

EY is committed to being an inclusive employer, and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Join us in building a better working world.

Apply now.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

---