EY - Cyber Security – Manager Cyber GRC

Job Listing Detail: At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. We’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

The Opportunity: We’re looking for a Manager in our Cyber Security team with a strong focus on Governance, Risk, and Compliance (GRC). You will be responsible for defining, implementing, and managing GRC frameworks that enhance our clients' security posture and ensure compliance with regulatory requirements. This is a fantastic opportunity to be part of a leading firm while being instrumental in the development of next-generation GRC solutions.

Your Key Responsibilities:

• Design, implement, and manage GRC frameworks that align with organizational goals and regulatory requirements, including ISO 27701, ISO 27017, and PDPL (Personal Data Protection Law).
• Collaborate with clients to assess their GRC needs and develop tailored solutions that enhance compliance and risk management.
• Oversee the integration of GRC processes with existing IT and security frameworks, ensuring seamless functionality and user experience.
• Conduct risk assessments and audits related to GRC, providing recommendations for improvements and remediation strategies.
• Stay current with GRC trends, regulations, and best practices to ensure our solutions remain competitive and effective.
• Mentor and guide junior team members, fostering a culture of continuous learning and professional development.
• Drive discussions with senior stakeholders to align GRC strategies with business objectives and regulatory requirements.
• Develop and deliver training sessions on GRC best practices and technologies for clients and internal teams.
• Conduct compliance assessments to identify potential risks and develop mitigation strategies.
• Review and assess existing policies and procedures to ensure compliance with best practices and organizational policies.
• Create GRC documentation and conduct reviews to ensure alignment with regulatory standards and business objectives.

Skills and Attributes for Success:

• Proven experience in Governance, Risk, and Compliance frameworks, with a strong understanding of security governance and risk management.
• Deep technical knowledge of compliance requirements, risk assessment methodologies, and security technologies.
• Familiarity with ISO 27701, ISO 27017, and PDPL, and their application in GRC practices.
• Excellent analytical and problem-solving skills, with the ability to assess complex compliance challenges and develop effective solutions.
• Excellent communication skills, both verbal and written, with the ability to engage effectively with technical and non-technical stakeholders.
• Ability to manage multiple projects simultaneously and adapt to changing priorities in a fast-paced environment.
• Experience in project management methodologies and tools, with a focus on delivering high-quality results on time and within budget.

To Qualify for the Role, You Must Have:

• 12-15 years of experience in Information Technology, with a specialization in Cyber Security and Governance, Risk, and Compliance.
• Professional-level knowledge in GRC frameworks and risk management assessments.
• Strong hands-on experience with compliance technologies and risk management tools.
• Relevant industry certifications (e.g., CISSP, CISM, CRISC, or ISO 27001).
• Ideally, You’ll Also Have:
• Strong interpersonal skills and the ability to build relationships with clients and team members.
• Experience working in a consulting environment, with a focus on delivering value to clients.
• A proactive approach to identifying and addressing compliance challenges.

What We Look For:

• Professionals with strong technical acumen, a consulting mindset, and enthusiasm to learn in a fast-paced environment.
• Ability to lead cyber consulting discussions with SMEs and senior client stakeholders.
• Experience in RFP responses, proposal building, effort estimation, and go-to-market activities is a plus.