Consulting - Cyber Security - Cyber Governance and Privacy - Manager/ Senior Manager - Hong Kong
EY
Consulting – Cyber Security – Cyber Governance and Privacy – Manager/ Senior Manager – Hong Kong
The opportunity
With rapidly regulatory and legislative challenges in collecting and processing personal data, clients from all industries look to us for trusted solutions for their increasingly complex risks. As a Senior Manager for Privacy in our Cyber Risk Management Team, you’ll have the opportunity help clients gain insights into their cybersecurity and privacy program and strategy as a whole. You will have access to our robust solutions to advise clients on managing cybersecurity and privacy risk, enhancing maturity, and improving efficiency. You will belong to an international connected team of specialists helping our clients with their most complex cybersecurity and privacy needs, and contribute toward their business resilience.
You’ll work alongside respected industry professionals, learning about and applying leading practices to better manage people, process and technology capabilities in the field of privacy and data protection. You’ll gain insights into the design and operations of privacy programs and strategies in a variety of industries and learn how to design measurable, sustainable programs to keep up with the ever changing technology and regulatory landscape.
Your key responsibilities
You’ll work with our practice in Hong Kong in a leading role on client projects in:
- Data Protection & Privacy: to assess and consult clients on data privacy, implementation of data protection programs, to address confidentiality and security over customer, employee or patient data. You will gain insights into the design and operations of privacy programs and strategies in a variety of industries and learn how to design measurable programs to keep up with the ever changing regulatory landscape.
- Cyber Transformation: to better connect and integrate privacy and cybersecurity programs and strategies for our clients. You will gain experience applying risk management principles to a cybersecurity and privacy environment by leveraging cybersecurity and privacy frameworks / standards like ISO/IEC 27001:2013, 27018, NIST CSF, NIST 800-53, etc. You will design solutions to remediate gaps or enhance maturity of specific cybersecurity and privacy capabilities. And you will implement or improve cyber security management strategies and processes at the clients’ organization.
Skills and attributes for success
- Outstanding, up-to-date knowledge about current privacy and data protection challenges and trends;
- Knowledge of the current security environment and industry trends to identify engagement and client service issues, communicate this information to the engagement team and client management through written correspondence and verbal presentations
- Work closely with executives (senior managers and partners) to co-lead, motivate teams and provide leadership in client engagements;
- Foster relationships with client personnel to analyze, evaluate, and enhance information systems to develop and improve security at procedural and governance levels
- Deliver quality client services. Drive high-quality work products within expected timeframes and on budget
To qualify for the role you must have
- Bachelor or Master Degree in Business Information Technology or Law, or equivalent education with touch points to Privacy and Cybersecurity topics
- 6 to 12 years of related work experience.
- Passion for consulting, privacy, and cybersecurity
- A proven track record in building new client relations and instigating projects
- Knowledge of one or more of the following areas:
- Privacy assessments and implementations;
- Privacy policies, standards, operating models, strategies and roadmaps
- Privacy-by-design;
- Privacy awareness and training;
- Privacy operations, e.g. metrics and reporting;
- Third party risk management;
- Data retention and deletion policies or mechanisms;
- Developing privacy-related automated procedures (e.g. data subjects requests, incident response, deletion and retention);
- Data transfers and transfer mechanisms.
- An industry recognized privacy certification, e.g. CIPP/E, CIPM, CIPT
- A solid knowledge of security frameworks and standards such as ISO 27001/2, NIST 800-53 and the connection with privacy operations and compliance
- Excellent knowledge of privacy regulations such as GDPR, CSL, DSL, PIPL, CCPA, etc.
- Excellent written and verbal communication skills in English, Cantonese or Mandarin
- Strong client services orientation and accustomed to taking a proactive role in engagements
- Flexible, responsible and self-confident personality, who feels comfortable in client’s environment
- Strong presentation and communication skills
What we look for
We’re interested in intellectually curious people with a genuine passion for cybersecurity. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.
What we offer
We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business:
- Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
- Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
- Modern working environment and equipment, fostering mobile working flexibility
- Acquire a fully accredited corporate MBA (EY Tech MBA) whilst working with EY, completely free
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.