At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

EY GDS CONSULTING - NON-FINANCIAL SERVICES – THIRD-PARTY RISK MANAGEMENT (NFS TPRM) – SENIOR

As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance.
The opportunity
We’re looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our EY- NFS TPRM team. It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering.

SKILLS AND ATTRIBUTES FOR SUCCESS

• Maintain an educational program to develop personal skills continually.
• Constantly upskilling as per market trends.
• Understand and follow workplace policies and procedures.
• Attend L&D programs and exhibit a thorough knowledge of consulting methodology and consulting attributes.
• Exhibit initiative and participate in corporate social and team events.

YOUR KEY RESPONSIBILITIES

• Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements.
• Lead the design and implementation of TPRM operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks.
• Follow policies and procedures that support the successful implementation of TPRM operating models.
• Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements.
• Assess the application of legal and regulatory requirements to clients TPRM practices.
• Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes.
• Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects.
• Demonstrate a general knowledge of market trends, competitor activities, EY products, and service lines.
• Build and nurture positive working relationships with clients to achieve exceptional client service.
• Contribute to Identifying opportunities to improve engagement profitability.
• Assist leadership in driving business development initiatives and account management.
• Participate in building strong internal relationships within EY Consulting Services and with other services across the organization.

TO QUALIFY FOR THE ROLE, YOU MUST HAVE

• 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures).
• Strong understanding of the TPRM framework, Risk Management, Information Security practices.
• Demonstrate a good understanding of the Contract Risk Review management process.
• Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.).
• Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc.
• Good knowledge of privacy regulations such as GDPR, CCPA, etc.
• Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc.
• Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management.
• Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review.
• Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.).
• Good experience in LAN/WAN architectures and reviews.
• Good knowledge of incident management, disaster recovery, and business continuity management, cryptography.
• Good to have prior Big-4 experience.
• Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer

You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching, and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for yo