Technology Risk Management Lead - Ernst & Young

At EY, we're all in to shape your future with confidence. We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.

The Technology Risk Management (TRM) Leader is responsible for overseeing the technology risks management activities within Client Technology (CT), whose mission is to create distinctive products, platforms and solutions to deliver long-term value to EY clients.

The TRM Leader, inside Client Technology:

• Aligns technology risk management with CT's vision, mission, strategy and priorities.
• Focuses on technology risks associated with software ideation, design, development, test, deployment and operations.
• Collaborates with all CT Functions to support them identifying, classifying, prioritizing, assessing, preventing, mitigating, responding, monitoring and reporting technology risks to ensure CT's products, platforms and solutions are secure and compliant with relevant regulations and standards.
• Collaborates with Technology Officers (TOs) to support them in managing technology risks with their respective Service Lines.
• Integrates with the overall Performance Excellence framework and objectives.

The TRM Leader, outside Client Technology:

• Collaborates with other EY organizations working on risk management, such as Global Risk Management (GRM) for strategic direction on governance, risk, compliance and Infosec (IS) for security management.
• Partners closely with the Technology Assurance Risk and Policy (TARP) team, part of Infosec, to align the global technology risk framework with the CT's strategy and priorities.

Your key responsibilities:

• Develop and implement a priority-based approach to manage technology risks related to software products, platforms and solutions managed by CT.
• Facilitate operationalization and maintenance of the technology risk management framework using EY risk framework and industry standard models (e.g., COBIT5, ITIL, NIST) as references.
• Advocate for funding and skilled resources necessary for risk management initiatives.
• Work collaboratively with a team of technology risk professionals, both inside and outside CT.
• Support and sponsor the integration of technology risk best practices into CT processes.
• Support and sponsor audit pipeline and onboarding.
• Monitor emerging technology risks (e.g. risks arising from using AI technologies).
• Foster compliance with relevant regulations, standards, and internal policies.
• Act as the change agent in the identification and execution of technology risk-related initiatives.
• Monitor and report on the effectiveness of technology risk management activities and controls.
• Provide guidance and support to CT's sub-functions on technology risk management matters.
• Keep up with the latest developments in technology risk management, cybersecurity and data privacy.

Skills and attributes for success:

• Bachelor's Degree in Computer Science, Management Information Systems, Risk Management, or a related field. A Master's degree is preferred.
• A minimum of 10 years of experience in technology risk management, cybersecurity and data privacy or a related field.
• Strong knowledge and hands-on experience with technology risk management frameworks and standards (e.g., ISACA/COBIT, ITIL, NIST, ISO/IEC 27000, 31000 & 22301, ISQM).
• Strong stakeholder engagement and management capabilities.
• Excellent project management skills and the ability to manage multiple projects simultaneously across a widely dispersed group of stakeholders.
• Strong analytical and problem-solving skills.
• Excellent communication, influencing and interpersonal skills.
• Relevant certifications (e.g. CISA, CISSP, CRISC, CISM, CPA, CIA, PMP, AWS, CIPP, CIPT, CRM) are preferred.

This role requires occasional travel to company locations across the world.

A self-starter, independent-thinker, curious and creative person with ambition and passion.