
EY - GDS – Global Vendor Management - Vendor Risk Compliance Owner

  • Internship
  • Bangalore (Bangalore Urban)
  • Accounting / Management control

Job description




 

As part of EY GDS, the Vendor Risk Compliance Owner (VRCO) will formulate and review vendor risk management implementation and alignment with corporate initiatives in the newly envisioned Global Vendor Management team.

 

The opportunity

 

We’re looking for an Associate Director who would work directly with other organizational departments to collect and review vendor risk management implementation and alignment with corporate initiatives, assess areas of the business where vendor management does not occur, and report on metrics of the Third Party Risk and Vendor Management alignment to the CISO. In addition, this role will work with the rest of the GRC team, as well as corporate ISMS, and share results so the corporate risk register is updated. They will then work directly with their leaders to assess the vendor risk and develop solutions based on the needs of the organization.

 

Your key responsibilities

 

·  Generates, analyses and manages accurate and timely client proposals

·  The Vendor Risk Compliance Owner provides management and mentorship of security/privacy regulatory requirements to drive organizational vendor risk-related processes and programs.

·  Works with senior leaders to determine audit needs

·  Monitor compliance with security and data privacy regulations globally by interfacing with legal, sales, delivery, and other security team members

·  Compliance monitoring will be accomplished by using output from all organizational audit and assessment functions where available and, if no data is available, by performing audits or assessments

·  Report to CISO on compliance status

·  Fulfil the role of regulatory defined security official when required by the organization

·  Consult with legal on duties of said roles to understand and then help VMO fulfil the regulatory defined obligations

·  Interface with policy, ISMS, and Risk Assessment teams to ensure that regulatory requirements are addressed by the organization

·  Educate the organization on vendor risk management requirements as instructed by the CISO or Security Compliance Director

·  Partnering with EY internal groups to collect metrics and report status of vendor risk assessments performed under the CISO and CIO organizations

·  Developing, updating, and handling vendor risk programs and processes to protect our people, information, reputation, and property

·  Identifying, assessing, and determining potential risk from vendor assessments due to regulations to resolve possible outcomes and resulting impact to EY

·  Designing and implementing reporting methods for communicating compliance

·  Analysing and monitoring vendor program compliance risk indicators to gain predictability into risk trends and drive planning and results

·  Mitigating and otherwise managing risk by responding to events and supporting the generation of new solutions to minimize impact to EY

·  Conducts cross organizational training and awareness for business teams, selling the "mission"

·  Contributes to team effort by exploring new opportunities to add value to organization and processes

·  Assist in establishing new contracts as part of divestitures, working closely with other EY functions

·  Provide project support to integrate and implement new vendor products and services

·  Assist in evaluation of operations of vendors against agreed service levels

·  Works with business owners, vendor management and other departments as required to help resolve vendor issues and to obtain and review vendor documentation

·  Assists Vendor Management with due diligence and oversight activities to include review of financial performance, reports over internal controls

 

Skills and attributes for success

·  Fluent in English – written and verbal

·  Analysing large quantities of data in order to form and communicate a crisp view of the vendor performance landscape

·  Continuously advising the account leadership team on expected financial performance vs. plan based upon analytics such as trend analysis and modelling of forward-looking scenarios

·  Operational knowledge of RFP development and analysis

·  Outstanding knowledge of service level agreements

·  Continuously advising the leadership team on expected performance vs. contractual obligations

·  Providing contractual modelling and advice to support pricing decisions

·  Able to work in a self-sufficient manner, operating across multiple vendors

·  Understands the commercial drivers of vendor performance

·  Synthesizes and communicates detailed contractual information in support of an effective decision-making process

·  Forms and communicates a clear and concise view of contractual performance

·  Utilizes sound financial practices to support operational decisions

·  Delivers cogent messages, encompassing legal/financial analysis and recommendations

·   Demonstrates appreciation and respect of varying cultures – both corporate and geographical

 To qualify for the role, you must have

·  Bachelor's degree in information technology or information management

·  10-12 years of experience in information security required

·  At least 7 years of information security in regulated environments

·  Direct experience with regulated environments including healthcare, finance and/or GDPR

·  10 years minimum Management experience

·  Information Third Party Risk Management

·  Information Security Governance including knowledge of ISO 27001 and NIST standards

Preferred Certifications

·  Certified Information Systems Security Professional (CISSP)

·  Certified Information Security Auditor (CISA)

·  Certified in Risk and Information Systems Control (CRISC)

·  Certified Third Party Risk Professional (CTPRP)

Ideally, you’ll also have

·  Experience working with security executives and Information Security Officers

·  Experience working in regulated industries (Financial, Healthcare, GDPR, etc.)

What we look for

·  A team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment
·  Opportunities to work with EY practices globally

What working at EY offers

At EY, we’re dedicated to helping our clients, from start-ups to Fortune 500 companies, and the work we do with them is as varied as they are.
You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

·  Support, coaching and feedback from some of the most engaging colleagues around
·  Opportunities to develop new skills and progress your career
·  The freedom and flexibility to handle your role in a way that’s right for you

About EY

As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we’ll make our ambition to be the best employer by 2020 a reality.

Make every future a success.