Manager, IT/OT Cyber Assurance ( Energy & Industrials )

at  EY

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
EY’s people in more than 150 countries are committed to operating with integrity, quality and professionalism in the provision of audit, tax, transaction and consulting services. We strive to help all of our people achieve their professional and personal goals through an inclusive environment that values everyone’s contributions, appreciates diversity of thought, fosters growth, and provides continuous opportunities for development. Recognized as one of Canada’s top employers, EY continually strives to be a great place to work.

THE OPPORTUNITY

We are seeking an accomplished and motivated Manager to lead the delivery of our Cybersecurity Assurance services for Internal Audit customers across Canadian Energy and Industrial companies. This role is pivotal in driving the growth, management, and success of our cybersecurity services tailored for Internal Audit (IA) teams, particularly those dealing with the complexities of IT and Operational Technology (OT) environments.
The Manager will be responsible for evolving our service portfolio to meet market demands and ensuring the delivery of high-quality cybersecurity assessments. This role demands a strong leader who can balance business management with deep technical expertise, ensuring that our offerings not only meet but exceed the expectations of IA leaders across various sectors.

SKILLS AND ATTRIBUTES FOR SUCCESS

• Experience: 5+ years of experience in internal audit, or cybersecurity, with at least 3 years doing both. Experience in IT/OT environments is highly desirable.
• Education: Bachelor’s degree in cybersecurity, information technology, business administration, or a related field. Advanced degrees are a plus.

Skills:

• Strong leadership and team management skills.
• Deep understanding of IA processes, particularly in the context of IT/OT cybersecurity.
• Excellent communication and client relationship management abilities.
• Proven ability to manage complex projects and deliver high-quality results.
• Strategic thinking with a focus on innovation and continuous improvement.
• Desired Certifications:
• Internal Audit Certifications:
• Certified Internal Auditor (CIA)
• Certified Information Systems Auditor (CISA)
• Certification in Risk Management Assurance (CRMA)
• Cybersecurity Certifications:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Operational Technology Certifications:
• Global Industrial Cyber Security Professional (GICSP)
• Certified SCADA Security Architect (CSSA)
• ISA/IEC 62443 Cybersecurity Certificate Programs (e.g., ISA/IEC 62443 Cybersecurity Expert)

1. Practice Leadership and Management

• Business Development: Drive the growth of the Cybersecurity Assurance practice by developing strategic plans, identifying new business opportunities, and cultivating strong relationships with IA leaders in target industries.
• Team Leadership: Lead, mentor, and develop a team of cybersecurity professionals, fostering a culture of excellence, collaboration, and continuous learning.
• Financial Management: Contribute to the financial performance of the practice, including budgeting, forecasting, and ensuring profitability through efficient resource allocation and project management.
• Client Engagement: Serve as the primary point of contact for key clients, ensuring that their needs are met with tailored solutions that address their specific IA challenges related to IT/OT cybersecurity.

1. Portfolio Management and Development

• Service Evolution: Continuously assess and refine our service offerings to stay ahead of industry trends and client needs, particularly in areas like risk identification, audit planning support, assessment execution, and ongoing training for IA teams.
• Thought Leadership: Develop and contribute to thought leadership content, such as white papers, articles, and presentations, to position the practice as a leader in IA-focused cybersecurity.
• Innovation: Lead initiatives to integrate emerging technologies and methodologies into our service portfolio, ensuring that our offerings remain cutting-edge and relevant to IA leaders.

1. Delivery and Execution

• Project Oversight: Lead the delivery of cybersecurity assessments and related services, ensuring that projects are completed on time, within scope, and to the highest standards of quality.
• Client Solutions: Work closely with clients to understand their unique challenges and tailor assessments that provide actionable insights, helping IA teams identify, assess, and mitigate IT/OT cybersecurity risks.
• Quality Assurance: Implement and maintain rigorous quality control processes to ensure the accuracy, relevance, and impact of all deliverables.

1. Collaboration and Communication

• Cross-Functional Collaboration: Collaborate with other practice areas, including M&A, IT, and OT advisory teams, to deliver integrated solutions that address the broader needs of our clients.
• Stakeholder Communication: Effectively communicate with senior leadership, clients, and team members to ensure alignment on goals, expectations, and deliverables.
• Training and Development: Lead internal training initiatives to ensure that team members are equipped with the latest skills and knowledge needed to deliver exceptional services to IA clients.