Security Compliance Specialist

Security Compliance Specialist - Global Delivery EY The Security Compliance department identifies and manages the key Information Security risks within EY. The department owns the Compliance Program that manages identified non-conformity events to existing policies, monitors and reports on the effectiveness of IT controls, and performs root cause analysis to identify systemic or process weaknesses that may affect the firm’s information security posture. Our primary goal is to defend against internal and external threats and protect client and enterprise confidential data. This goal is balanced against various business goals and objectives, helping to protect the firm and its clients in a cost effective way. Essential Functions of the Job Conduct security compliance program activities as specified in the information security policy to assess compliance with EY’s policies, standards and procedures Keep track of security deficiencies through the documentation of findings, monitoring the follow through of the remediation, and validates closure to increase the security maturity of the security program and reduce overall risk Report on metrics to gauge effectiveness of the security policy framework and publish periodic metrics report Analyze the data contained within the compliance system and other security information repositories to identify security trends, root causes and notable risks Advise others, helping to enhance and improve their understanding of information security and its importance to EY Advise managers and other leaders concerning the overall status of the function’s compliance findings and associated remediation plans and exceptions Document security findings, remediation plans and exception requests in a clear and concise manner Identify what is needed to validate remediation has been successful Analytical/Decision Making Responsibilities Demonstrated integrity and judgment, tact and decision making ability within a professional environment Demonstrated ability to think creatively while accounting for multiple perspectives in any given scenario Ability to appropriately balance firm security needs with business impact & benefit Ability to recognize patterns in structure and unstructured data and to draw appropriate connections between seemingly disparate pieces of information Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change Must be able to work independently and with minimal direct supervision Supervision Responsibilities Directs the progress of project work assigned to team members, and report status to management Evaluates, counsels, mentors and provides feedback on performance of team members Plans the training and development of team members to develop their skills and maintains state‑of‑the‑art knowledge in information security Technical Skills and Understanding of Risk Management/ISO 31000 Experience with data analytics tools like SAS or Spotfire will be preferred Maintain awareness of the current security threat landscape An overall understanding of the business objectives and security challenges within the different Service Lines within the organization Ability to team well with others to facilitate and enhance the understanding and compliance to security policies Some programming experience will be beneficial, though not required Experience Minimum of five years related IT work experience Three or more years of experience in the Information Security field Three or more years in an IT networking role – experience in solution design and development or within an infrastructure operations organization supporting LAN/WAN’s Experience advising and communication with clients and vendors in relation to security policies Demonstrated sound judgment, tact, and decision‑making ability Good management, interpersonal, communication, organizational, and decision‑making skills Ability to understand and integrate cultural differences and motives and to lead cross cultural teams Strong English language skills, written and verbal, are required Education An advanced degree in Computer Science or a related discipline, or equivalent work experience Certification Requirements Certified Information Systems Security Processional (CISSP), Global Information Assurance Certification (GIAC), #J-18808-Ljbffr