EY Jobs

Job Information

EY Global Information Security Policy & Awareness Specialist in Louisville, Kentucky

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

EY Technology

Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have over 320,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connect with our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and are key to us being more innovative as an organization.

EY Technology supports our technology needs through three core business units:

  • Client Technology (CT) - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster and pursue those opportunities more rapidly

  • Enterprise Technology (ET) - supports our Core Business Services functions and delivers fit-for-purpose technology infrastructure at the lowest possible cost for quality services. ET also supports our internal technology needs by focusing on a better user experience

  • Information Security (InfoSec) - provides security requirements and solutions that are designed to prevent, detect, and respond to events and information risks that may impact EY and client data, and our information management systems

The opportunity

The Information Security Policy & Awareness (P&A) Specialist is responsible for the creation and maintenance of EY’s global information security (IS) policies, standards, and guidelines as well as preparing and delivering security awareness, training and guidance through various learning and communication channels.

The InfoSec P&A Specialist is also responsible for the creation of presentations, summarizing and highlighting benefits of new and updated IS policy documents and awareness communications intended for EY leaders, stakeholders and general staff.

The objective of this position is to deliver clear, concise, up-to-date and timely IS policies, standards, guidelines, and security awareness guidance and training.

Your key responsibilities

  • Translate recommendations from subject matter experts, vendor and industry standards, guidelines and best practices into high-quality, coherent information security policies, standards, and guidelines

  • Harmonize content of IS documents and materials with other EY policies and standards, ISO/IEC 27001 information security standard, as well as information security regulatory requirements

  • Collaborate with Information Security, Information Technology, Data Protection, and Legal teams

  • Write, edit and maintain IS documentation and training materials for internal business users, IT professionals, and EY leaders

  • Verify the relevancy and accuracy of IS documentation and awareness materials

  • Brainstorm, recommend and implement improvements to global IS documentation, awareness materials, internal P&A team programs, frameworks and processes

  • Support the writing and editing of proposals as needed

Analytical and decision-making responsibilities

  • Ability to organize, structure and prioritize information from multiple sources

  • Ability to appropriately balance needs of EY Information Security with business and technological risks and business impact

  • Demonstrated ability to think creatively while accounting for multiple perspectives in any given scenario

  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change

  • Must be able to work independently and with minimal direct supervision

  • Focused on how to best convey information clearly and concisely

Skills and attributes for success

  • Experience working in information security and demonstrable understanding of information security concepts

  • Knowledge of information security policies / principles of handling and protecting information

  • In-depth understanding of ISO/IEC 27000 Information Security and COBIT frameworks

  • General technical knowledge of operating systems, databases, networks, mobile technologies and cloud services

  • Familiarity with regulatory information security requirements

  • Strong English language skills

  • Good writing, presentation, interpersonal, and communication skills

  • Skilled in executive level presentations and briefings

  • Experience managing communication with internal customers

  • Ability to collaborate with others to facilitate and enhance compliance with IS policies

  • Maintain awareness of the current security threat landscape

  • Experience with coordinating tasks, allocating resources, and following tasks and projects through completion

  • Experience with Microsoft Office (Word, Excel, PowerPoint and Visio)

To qualify for the role, you must have

Education:

  • Advanced degree in Technical Communications, Technical Writing, English or related discipline, or equivalent work experience

Experience:

  • Eight or more years of experience in Information Security

  • Experience developing, implementing and maintaining Information Security policies, standards, and guidelines, and involvement with developing and delivering information security awareness programs

  • Experience working with common information security standards, such as:

  • IEC/ISO 27000, NIST, PCI DSS, ITIL, COBIT, SOC2

  • Experience working in a global virtual environment

  • Strong English language skills are required – written and verbal

  • Excellent interpersonal, communication and presentation skills

  • Good time management, organizational, and decision-making skills

  • Good judgment and tact

  • Ability to understand and integrate cultural differences and motives, and ability to work with cross cultural teams

Certification Requirements:

  • Preferred to hold one of the following or equivalent certification(s):

  • CISSP or Global Information Assurance Certification (GIAC) in related area, or other equivalent certification(s)

Note:

  • This job description is intended as a guide to reflect the principal functions of the job. However, it is not an all-inclusive listing of the required job functions and functions may vary depending on the geographic location of the job and/or the manager. Further, the job description is subject to change at the discretion of management.

  • Full Time (US)

Ideally, you’ll also have

  • General knowledge of Project Management methodology

  • Experience with MS SharePoint, including development and maintenance of SharePoint sites

  • Experience with RSA Archer or other GRC systems

  • Experience with MS Power BI

What we look for

  • Someone that will help us transform human behaviours that could negatively impact EY into positive human behaviours that reduce risk to EY

What we offer

We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

  • Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.

  • Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.

  • Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.

  • Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It’s yours to build.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

EY is an equal opportunity, affirmative action employer providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law.

DirectEmployers