Ernst & Young

GDS Advisory - Third Party Risk Management Consultant

  • Quezon City (Eastern Manila District)
  • Accounting / Management control

Job description

Title : Third Party Risk Management – Staff

Level : Staff

Location : Manila

Job Description :

·        Staff in the Risk Advisory team to work on various TPRM projects for our customers across the globe.

·        You will be responsible for delivering on accounts in accordance with EY quality guidelines & methodologies. You will need to execute and coordinate on accounts and relationships on a day-to-day basis and explore new business opportunities for the firm. Proactively establishing, strengthening and nurturing relationships with clients and internally across service lines will also be a part of your day-to-day activities. You will assist in developing new methodologies and internal initiatives, and help in creating a positive learning culture by coaching, counselling and developing junior team members.

·        In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards, by reviewing the work provided by junior members.

 

Responsibilities

·        Assist Managers in the delivery of third party risk management engagements. Such engagements involve performing a security assessment of a client’s third party service providers. This involves:

o  Performing security assessments of new and existing service providers

o  Performing vendor assessment reviews leveraging a SIG Lite or Full SIG

o  Verifying that all required SIG (Lite) questions have been answered by the vendor and all required documentation has been received

o  Assessing vendor answers and following up with the vendor directly on questions

o  Conducting a risk analysis and assessment of vendor information and documentation against a client’s IT security and data privacy requirements

o  Identifying whether additional information should be obtained from the vendor

o  Defining appropriate risk levels and corrective actions

o  Identifying issues and working with the vendor to resolve/accept them

o  Following up on corrective action plans

o  Maintaining issues/items tracker and status updates for each vendor review.

o  Providing risk acceptance and/or risk remediation recommendations

·        Provide guidance and share knowledge with team members and participate in performing procedures focusing on complex, judgmental and/or specialized issues.

·        Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations

·        Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Understand EY and its service lines and actively assess what the firm can deliver to serve clients

 

·        Supervise the delivery of the engagement against the engagement budget, timeline, and scope

·        Perform quality assurance reviews

·        Provide coaching and guidance to the assessment team members

·        Assist in creating innovative insights for clients, adapt methods & practices to fit operational team needs, contribute to thought leadership documents and develop new methodologies.

·        Facilitate discussions / knowledge sharing with key client personnel and contribute to EY thought leadership.

·        Plan & deliver on client engagements. Provide regular status updates on engagements and work products.

·        Demonstrate strong project management skills

·        Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business.

·        Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices)

·        Review status updates and prepare management presentations/audit committee presentations etc.

·        Actively contribute to improving operational efficiency on projects & internal initiatives.

 

 

Qualifications

·        0 - 3 years of experience in cyber security or third party risk management

·        Experience in executing vendor security reviews required

·        Experience in conducting third party reviews using SIG preferred

·        Use of risk assessment tools and techniques

·        Knowledge of various assessment types (e.g., self-assessments, audits, vulnerability assessments, penetration tests, third-party assurance)

·        Understanding of key industry control frameworks (NIST Cyber Security Framework, COSO, COBIT, ISO 27000, Unified Compliance Framework, etc.)

·        Understanding of Information Security policies and standards

·        High level knowledge and understanding of systems architecture, infrastructure, security and applications

·        Strong analytical capabilities

·        Excellent communications skills

·        Ability to communicate complex Information Security Risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them.

·        Able to effectively communicate evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed

·        BS in Information Assurance, or other Risk Management practice desired

·        Comprehensive knowledge of business processes and their relationship to technology desirable

·        Experience in working for a large Fortune 100 organization desired

·        CISSP, CISM, CRISC, CISA, or CTTRP desirable
