Information Security Manager - CBS Regional Operations - Permanent

This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.

Information Security Manager - EY CBS Regional Operations (UK & Ireland)
Rank - CBS Assistant Director

Your key activities and responsibilities:

As part of our UK CBS Regional Operations team, in this role you will:

• work across EY UK and Ireland's business enablement and client service delivery functions, to conduct information security governance, compliance and assurance activities on a diverse range of IT programs, assisting with the delivery of processes to ensure the Firm stays agile and innovative;
• support the administration of data loss prevention (DLP) capabilities and polices, interface with technical stakeholders to ensure the efficacy of DLP controls and work with users to investigate and resolve queries and incidents;
• identify and mitigate potential security risks and communicate solutions back to project teams;
• keep a log of progress where business exceptions are granted;
• participate in the EY UK firm's Information Governance Program. taking an active role in technology areas;
• support the administration of access and authentication for EY collaboration and document management tools, including development and distribution of Microsoft 365 best practice;
• provide advice to the business on good information governance and participate in training and awareness programs;
• develop a strong understanding of and act as a champion for EY's information security and data protection due diligence methodologies, advising stakeholders across the firm on how to securely launch new technologies;
• collaborate with and provide expert guidance in partnership with Regional Operations colleagues, Risk Management, Legal, Procurement and EY's Global Technology function to deliver effective and compliant due diligence;
• champion best practice with a view to ultimately mitigating risks and maximising return on investment;
• ensuring internal policies are maintained and available, and risk assessments are conducted;

To be successful, the successful applicant should have some experience of working in a project/operational/delivery environment within an information security governance, risk and compliance function. Knowledge of tools or processes in that area would be beneficial. The successful candidate will already possess or be developing the knowledge and desire to work towards an information security qualification. The role holder will be expected to attain a thorough knowledge of EY's information security management system, through working in partnership with members of the UK CBS Regional Operations team, the global EY Technology organisation and various other stakeholders including service line quality, legal, data protection and risk management representatives. You will assist planning and delivery of information security and privacy services, programs and initiatives, to support people and teams across the EY firms in UK and Ireland, including:

• technology deployments (e.g. data loss prevention, secure content management);
• delivery of project risk briefings and management information reporting;
• interaction with client-facing teams, business enablement functions and external third parties around risk assurance;
• induction, awareness and ongoing information security education.

Skills and attributes for success

• You should be capable of picking up new technological skills quickly and be ready to build a comprehensive knowledge of UK cyber and information security industry standards. You will need to work closely with operational units and translate technical concepts to business facing stakeholders. From time to time, you may need to engage with external stakeholders including client and supply chain security teams, regulatory authorities and external auditors so you must be able to demonstrate the ability to present and communicate with confidence and gravitas.
• The role holder will need to develop and maintain a thorough knowledge of the applications, vendors, infrastructure, business processes, collaboration platforms and data repositories used by the EY UK and Ireland firms but recognise that security is just one of the risks that EY leadership must assess.
• The role holder must also be able to understand the balance between the needs of the firm in creating value, and the drive to manage security risk to an acceptable level.
• Previous experience of policy development, technical control processes and delivery of security solutions within a commercial environment would be beneficial.
• An ability to raise the profile of security within the organisation by being proactively involved with internal stakeholders and habitually seeking opportunities to inform, engage and/or train people across the firm on information security and cyber hygiene.
• You should be able to identify issues affecting internal clients and provide a clear rationale and explanation for suggested actions; completes assigned work in line with EY quality standards and expected timeframe; understand and fully meet EY and local independence, ethical and regulatory requirements; develop high-quality deliverables with little or no re-work and produce, with limited supervision, complete and accurate work.

To qualify for the role, you should have:

• Evidence of active operational IT, cyber or information security working experience, especially if delivered remotely
• The ability to hold baseline UK security clearance
• Experience of working in a professional services firm or partnership would be beneficial, e.g., understanding of complex matrix organisations, working with colleagues in other functions/organisations or indirect relationships

What we look for
We need someone who is resilient, able to operate calmly under pressure in a complex environment and will act and communicate with integrity and commercial acumen.

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.