EY GDS Consulting_Third Party Risk Management (TPRM) – Senior Consultant in Philippines

GDS Consulting_Third Party Risk Management (TPRM) – Senior Consultant

Consulting

Requisition # PHI0046V

Post Date Aug 20, 2020

The opportunity

Third Party Risk Management (TPRM) – Senior Consultant

Your key responsibilities

  • Assist Managers in the delivery of third party risk management engagements; such engagements involve performing a security assessment of a client’s third party service providers. This involves:

  • Performing security assessments of new and existing service providers

  • Performing vendor assessment reviews leveraging a SIG Lite or Full SIG

  • Verifying that all required SIG (Lite) questions have been answered by the vendor and all required documentation has been received

  • Assessing vendor answers and following up with the vendor directly for questions

  • Conducting a risk analysis and assessment of vendor information and documentation against a client’s IT security and data privacy requirements

  • Identifying whether additional information should be obtained from the vendor

  • Defining appropriate risk levels and corrective actions

  • Identifying issues and working with the vendor to resolve/accept them

  • Following up on corrective action plans

  • Maintaining an issues/items tracker and status updates for each vendor review.

  • Provide risk acceptance and/or risk remediation recommendations

  • Provide guidance and share knowledge with team members and participate in performing procedures focusing on complex, judgmental and/or specialized issues.

  • Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations

  • Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Understand EY and its service lines and actively assess what the firm can deliver to serve clients

  • Supervise the delivery of the engagement against the engagement budget, timeline, and scope

  • Perform quality assurance reviews

  • Provide coaching and guidance to the assessment team members

  • Assist in creating innovative insights for clients, adapt methods & practices to fit operational team needs, contribute to thought leadership documents and develop new methodologies.

  • Facilitate discussions / knowledge sharing with key client personnel and contribute to EY thought leadership.

  • Plan & deliver on client engagements. Provide regular status updates on engagements and work products.

  • Demonstrate strong project management skills

  • Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business.

  • Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices)

  • Review status updates and prepare management presentations/audit committee presentations etc.

  • Actively contribute to improving operational efficiency on projects & internal initiatives.

Skills and attributes for success

  • Experience in executing vendor security reviews required

  • Experience in conducting third party reviews using SIG preferred

  • Use of risk assessment tools and techniques

  • Knowledge of various assessment types (e.g., self-assessments, audits, vulnerability assessments, penetration tests, third-party assurance)

  • Understanding of key industry control frameworks (NIST Cyber Security Framework, COSO, COBIT, ISO 27000, Unified Compliance Framework, etc.)

  • Understanding of Information Security policies and standards

  • High level knowledge and understanding of systems architecture, infrastructure, security and applications

To qualify for the role, you must have

  • Minimum 4 years of experience in third party risk management, information security audits, IT risk assessments, and/or compliance projects.

  • Experience in developing IT Risk Management (ITRM) documentation and assessment reports

  • Knowledge of information security, risk and compliance frameworks (e.g. NIST), and regulatory requirements and standards (e.g. HIPAA, PCI).

  • Excellent communication, writing, and presentation skills.

  • Bachelor's Degree in MIS, Information Security, Accounting, or related fields.

Ideally, you should also have

  • CISA, CISM, CRISC, CISSP, CCSP, Security+, HCISPP, or a comparable industry certification.

What we look for

  • Strong analytical capabilities

  • Ability to communicate complex Information Security Risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them.

  • Able to effectively communicate the evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed

  • Comprehensive knowledge of business processes and their relationship to technology desirable

  • Experience in working for a large Fortune 100 organization desired