GDS Advisory - Third Party Risk Management Consultant
Ernst & Young AG
Philippines
9d ago

GDS Risk Advisory - Third Party Risk Management Staff

PH-All-Taguig City

  • Staff under Risk Advisory team to work on various TPRM projects for our customers across the globe.
  • You will be responsible for delivering on accounts in accordance with EY quality guidelines & methodologies. You will need to execute and coordinate on accounts and relationships on a day-to-day basis and explore new business opportunities for the firm. Proactively establishing, strengthening and nurturing relationships with clients and internally across service lines will also be a part of your day-to-day activities. You will assist in developing new methodologies and internal initiatives, and help in creating a positive learning culture by coaching, counselling and developing junior team members.

    Responsibilities

  • Assist Seniors / Manager in the delivery of third party risk management engagements. Such engagements involve performing a security assessment of a client’s third party service providers. This involves:

    o Performing security assessments of new and existing service providers

    o Performing vendor assessment reviews leveraging a SIG Lite or Full SIG

    o Verifying that all required SIG (Lite) questions have been answered by the vendor and all required documentation has been received

    o Assessing vendor answers and following up with the vendor directly for questions

    o Conducting a risk analysis and assessment of vendor information and documentation against a client’s IT security and data privacy requirements

    o Identifying whether additional information should be obtained from the vendor

    o Defining appropriate risk levels and corrective actions

    o Identifying issues and working with the vendor to resolve / accept

    o Following up on corrective action plans

    o Maintaining issues / items tracker and status updates for each vendor review

    o Providing risk acceptance and / or risk remediation recommendations

  • Provide guidance and share knowledge with team members and participate in performing procedures focusing on complex, judgmental and / or specialized issues.
  • Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables.
  • Demonstrate a thorough understanding of complex information systems and apply it to client situations

  • Use extensive knowledge of the client's business / industry to identify technological developments and evaluate impacts on the client's business.
  • Demonstrate strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology / tools to enhance the effectiveness of deliverables and services.

  • Understand EY and its service lines and actively assess what the firm can deliver to serve clients

  • Supervise the delivery of the engagement against the engagement budget, timeline, and scope
  • Perform quality assurance reviews
  • Provide coaching and guidance to the assessment team members
  • Assist in creating innovative insights for clients, adapt methods & practices to fit operational team needs, contribute to thought leadership documents and develop new methodologies.
  • Facilitate discussions / knowledge sharing with key client personnel and contribute to EY thought leadership.
  • Plan & deliver on client engagements. Provide regular status updates on engagements and work products.
  • Demonstrate strong project management skills
  • Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel.
  • Stay abreast of current business and economic developments and new pronouncements / standards relevant to the client's business.

  • Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues / challenges, key players & leading practices)
  • Review status updates and prepare management presentations / audit committee presentations etc.
  • Actively contribute to improving operational efficiency on projects & internal initiatives.

    Qualifications

  • Minimum 2 years of experience in cyber security or third party risk management
  • Experience in executing vendor security reviews required
  • Experience in conducting third party reviews using SIG preferred
  • Use of risk assessment tools and techniques
  • Knowledge of various assessment types (e.g., self-assessments, audits, vulnerability assessments, penetration tests, third-party assurance)
  • Understanding of key industry control frameworks (NIST Cyber Security Framework, COSO, COBIT, ISO 27000, Unified Compliance Framework, etc.)
  • Understanding of Information Security policies and standards
  • High level knowledge and understanding of systems architecture, infrastructure, security and applications
  • Strong analytical capabilities
  • Excellent communications skills
  • Ability to communicate complex Information Security Risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them.
  • Able to effectively communicate evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed
  • BS in Information Assurance, or other Risk Management practice desired
  • Comprehensive knowledge on business processes and their relationship to technology desirable
  • Experience in working for a large Fortune 100 organization desired