Region Security Manager - Assistant Director (East Region)

Job description

Job Summary

EY Global Security promotes a safe and secure working environment at EY offices and client sites. The Region security manager plays a key role in driving the regional implementation of Global Security’s policies and guidance and develops and matures key elements of core Global Security disciplines, consistent with local threats and risks. This person works with Region leadership; Global Security; and Global, Area and Region Risk Management subject-matter professionals on security and risk issues.

Essential functions of the job:
Working with the Region managing partner, Region director of administration and Global Security, the role entails involvement with, but is not limited to, the following activities:

Planning and policy
Understand and assist in the implementation of the EY Global Security Policy, which will include security operations, threat and risk monitoring, business continuity management (emergency preparedness and response planning and business continuity planning), physical security, asset protection (insider threat), travel security, and executive and meeting protection.

Business continuity management
Emergency response plan and procedures must be developed at office location level and must include at a minimum:
• Assigned crisis management team (CMT) and alternates, with agreed responsibilities
• Notification and escalation tool and procedures (including full implementation of the EY mass notification tool)
• Published list of immediate and subsequent actions to manage an emergency
• Procedures for communicating in advance of, during and after an emergency to EY people and families, clients, stakeholders and media
• Greater specificity of planning and strength of resilience when there is an elevated threat or risk exposure
• Coordination with landlord’s and local emergency responders’ plans
• Regular training and exercise to prepare the CMT to respond effectively to a crisis situation (including test of the mass notification tool once implemented)
• Annual plan maintenance process to routinely update plans to reflect the changes in staffing and logistics
• Business continuity plans and procedures must be developed on an office, country or Region level (as appropriate for the geographical size under consideration with scope of plans devised in coordination with Global Security) and must include at a minimum:
• Assigned business continuity plan management team and alternates with agreed-upon responsibilities
• Notification and escalation procedures
• Process for identifying critical functions and requirements through a business impact analysis
• Process for prioritizing clients and client service commitments and responsibilities
• Published list of immediate and subsequent actions to manage a business interruption
• Arrangements and recovery procedures to meet critical requirements in established time scales
• Development of and reference to, or inclusion of, the pandemic plan and any related infectious disease plans
• Confirmation of business continuity plans in place that meet the EY recovery requirements with critical local suppliers and service providers
• A method for monitoring and tracking disaster-related expenses sufficient to document continuity insurance claims
• Annual training and exercise to prepare the business continuity plan team to recover effectively in a disaster situation
• Annual plan maintenance process to routinely update plans to reflect the changes in staffing and processes

Physical security
To safeguard people and physical assets at EY offices, physical security implementation must include, at a minimum:
• Formal written documentation of all existing controls
• When considering new office space, a review of risk and threats present in and around the site and what controls the landlord is offering to offset these threats and risks
• Controls to manage access to EY facilities
• Controls to make certain access systems permit only authorized persons into EY spaces
• Controls to create an audit trail of access to and movement within EY offices
• Controls to limit access to sensitive areas (data rooms, records centers) to only those with a business need
• Management of security data in compliance with applicable laws, regulations and privacy policies
• Controls to manage visitors’ access and use of EY facilities
• Controls to allow temporary access to EY facilities for visiting EY personnel and local EY personnel who have forgotten their security credentials
• Controls to manage vendors (e.g., cleaning staff, repair people, building maintenance) and other non-EY people who need access to EY spaces
• Technical or manual controls to make certain that office perimeters and sensitive access doors are operating correctly
• Controls to safely manage inbound and outbound mail and packages
• Controls to make certain handling of personally identifiable information is consistent with relevant EY privacy policies

Asset protection
Asset protection implementation must include, at a minimum:
• Prevention, detection and response to insider threats (as defined through the EY Insider threat program)
• Asset protection processes and reporting protocols

Travel security
The travel security discipline includes, at a minimum:
• Use of the EY travel compliance process for travel to extreme-risk destinations and compliance process must be initiated as soon as potential travel is anticipated to prevent negative impact from any unknown delays that may result
• Coordination with Region travel services providers and use, coordination and implementation of travel security tools

Executive and meeting protection
Protection of EY executives and meetings must include, at a minimum:
• Identification of EY executives warranting protections enumerated within this security discipline
• Provision of extraordinary support in extreme- and high-risk destinations, as warranted
• Threat and risk assessment for meetings reflecting:
• The status or public interest of external speakers and attendees
• Other events taking place at the same time, either at the venue or in the vicinity
• Capabilities of existing in-house security arrangements
• Procedures to protect sensitive discussions and documentation (spoken, electronic and hard copy)
• Confirmation of appropriate conference and hotel facility emergency preparations
• Pre-identification of local emergency services (fire, police, medical)

Security operations
Security operations requirements for the Region include:
• Participation in compliance processes related to any and all security disciplines
• Communication of awareness material across the Region
• Reporting about completion status of the implementations referred to in any of the security disciplines
• Support and participation in any cross-functional security initiatives applicable to the Region
• Conduct threat assessments
• Work with local, state and federal law enforcement agencies to resolve issues, such as missing persons; theft; or threats against the firm’s workforce, brand, locations or assets
• Ability to communicate with executive leadership
• Coordinate with Enterprise Support Services, Talent Team, EY Assist, General Counsel’s Office and other business units, as necessary, to identify and document existing security practices and recommend revisions
• Facilitate training for active shooter and workplace violence threats
• Must have 24/7 availability in the event of emergency events requiring immediate response, either telephonically or in person, as appropriate, and the capability to cover other Regional security managers during their off or away time

Key Responsibilities  

 
The role is responsible for collaborating with the Region managing partner, Region director of administration, the EY Global Security team and other functions to further strengthen the firm’s internal and external security. To accomplish this, it is important for this role to analyze the business environment, geographical variations, security requirements and stakeholder expectations.

• Highly developed interpersonal skills capable of building and sustaining effective working relationships internally and externally across countries and cultures largely by use of phone and email
• Desire to understand the EY culture and deliver a service that is both appropriate and of the highest quality
• Excellent analytical and problem-solving skills, combined with the flexibility to change priorities and respond quickly according to circumstances
• At ease in a dynamic environment, remains unruffled under substantial and sustained pressure
• The tact and awareness to be able to communicate effectively at every level of the organization
• Innovative, highly motivated, very positive, and with both the ambition and drive to succeed and the pragmatism to develop workable resolutions when required by the EY structure
• An exceptional team player
• Willing to take ownership of any issue, both big and small
• Fluent communicator, both orally and in writing

Qualifications, education and certification

• The individual should have a bachelor’s degree or equivalent experience.
• The individual should be currently acting at a supervisory level with at least 10 years’ experience in a dynamic security environment or law enforcement environment. It is preferred if this experience has been within a large national, international or multinational organization.
• A recognized security or business continuity qualification (such as CPP, PSP, CBCI, CSyP, CBCP or MBCP)
• Graduation from the FBI National Academy or similar level police command leadership curriculum
• Formalized experience conducting threat assessments related to workplace violence or protection of people and assets, active shooter training or curriculum development

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.