Offers “Ernst & Young”

Expires soon Ernst & Young

Information Assurance Associate-UKI-Operations-Permanent -London

  • Internship
  • London (London)
  • Legal

Job description



Are you an information security professional with delivery experience? Have you played a key role in the implementation and delivery of security and privacy guidance and standards in the UK public sector?

 

The opportunity

The Information Assurance Associate will be a subject matter resource within EY’s Core Business Service (CBS) function, reporting to the Information Security Program Lead (UK & Ireland) and work in partnership with members of the UK CBS Regional Operations team, the global EY Technology organisation and various other stakeholders.

 

The role holder willfacilitate planning and delivery of information security and privacy services, programs and initiatives, to support people and teams across the EY firms in UK and Ireland, including:

technology deployments (e.g. data loss prevention, identity and access management);

security capability / maturity improvement projects;

delivery of project risk briefings, management information briefings and privacy impact assessments;

interaction with internal business units, clients and suppliers around risk assurance;

induction, awareness and ongoing information and cyber security education;

From concept to delivery, the Information Assurance Associate will advise business stakeholders on how to achieve the relevant security and privacy controls and assist with solutions to support them. A core competency will besustaining EY’s information security capability and compliance with UK-specific industry standards and UK public sector guidance and controls, to manage the risk to EY and enable the firm to be competitive in the market. The ability to know when to escalate issues as appropriate is a key component of this role.

Your key activities and responsibilities

·  Activities will include documenting EY’s information security capability around UK public sector guidance and standards, creating and maintaining a repository of compliance information, so that it is available and auditable by both internal and external stakeholders.
·  Ongoing ownership of EY’s self-accreditation and compliance with UK governmental security requirements, e.g. MOD’s Defence Assurance and Information Security
·  Deliver demonstrable compliance with business-critical requirements standards and certification to effectively manage the risk to the Firm, supporting CBS Regional Operations, especially the IMS Manager for ISO 27001 and Information Governance Lead, to ensure the macro compliance picture is captured and documented.
·  From time to time, act as a subject matter resource to EY’s internal Information Governance Programme, working collaboratively with Risk Management, Procurement and EY Technology to ensure due process is being followed; support adherence to quality standards (e.g. ISO27001, Cyber Essentials) and champion best practice with a view to ultimately mitigating risks and maximising value through supply/demand led initiatives.
·  In conjunction with the Information Security Program Lead (UK & Ireland) map and document the provision and maintenance of accurate and reliable risk management, partnering with functions across the firm to ensure identification of critical business processes, and to ensure that all key risks are properly identified, assessed, monitored, controlled and reported in a timely fashion.
·  To undertake, where appropriate, support of second- and third-line assurance of the adequacy and effectiveness management of its risks, controls and processes in conjunction with the Information Security Program Lead (UK & Ireland)
·  In addition, the role holder will be expected to perform horizon scanning, to be able to plan for and manage successful outcomes for any business-critical compliance standards, having considered the associated risks. 
·  Provide, as required, subject matter expert guidance to the UK&I service lines and CBS functions (e.g. Supplier Relationship Management, Date Protection, Procurement and Legal) to ensure business cohesion.

Skills and attributes for success

·  While you may be at the start of your Information Assurance career, you should have a strong technicalunderstanding and continue to build a sound knowledge of security industry standards. You will need to work closely with operational units and translate technical concepts to business facing stakeholders. From time to time, you may need to engage with external stakeholders including client and supply chain security teams, regulatory authorities and external auditors so you must be able to demonstrate the ability to communicate with confidence and gravitas.
·  The role holder will need to build a sound knowledge of the applications, vendors, infrastructure, business processes and data repositories used by the EY UK and Ireland firms, but recognise that security is just one of the risks that EY leadership must assess. The role holder must also be able to understand the balance between the needs of the firm in creating value, and the drive to manage security risk to an acceptable level.
·  Strong understanding of Information Security related aspects including regulatory requirements and policies, technical control processes and security solutions within a commercial environment
·  An ability to raise the profile of security within the organisation by being proactively involved with internal stakeholders and habitually seeking opportunities to inform, engage and/or train people across the firm on information security and cyber hygiene.
·  An understanding of IT delivery programmes, service delivery models, risk management analysis techniques and the principles of information security in a commercial environment

To qualify for the role, you should have

·  A professional information security qualification (e.g. current CISM or CRISC preferred)
·  Working knowledge of the HMG Security Policy Framework and other HMG data classification and accreditation policies and guidance
·  The ability to hold UK security clearance up to Security Check
·  A strong IT delivery and operational background, delivered across multiple sites and/or remotely
·  Experience influencing third party suppliers that are not directly managed
·  A graduate level education with a relevant degree or equivalent industry experience
·  Experience of working in a professional services organisation would be beneficial e.g. understanding and having worked in a Partnership and complex matrix organisation

 

What we look for

We need someone who is resilient, able to operate calmly under pressure in a complex / matrix environment and has a delivery focus. The ideal role holder will be target driven and generally politically astute, will act and communicate with integrity and commercial acumen.

 

What working at EY offers

We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:

 

Support, coaching and feedback from some of the most engaging colleagues around

Opportunities to develop new skills and progress your career

The freedom and flexibility to handle your role in a way that’s right for you

 

EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.

About EY

As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities andcreativefreedom to make things better.Whenever you join, however long you stay, theexceptionalEY experience lasts a lifetime.And with a commitment to hiring and developing the most passionate people, we’ll make our ambition to be the best employer by 2020 a reality.

 

 
Please note

Prior to finalizing your application, you will be asked to provide personal information across several dimensions of diversity and inclusiveness. The information you provide is kept entirely confidential and will not be used to evaluate your candidacy. We collect this data to help us analyse our recruitment process holistically and implement actions that promote diversity and inclusiveness. While optional, we encourage you to provide this information to hold us accountable towards our goal of building a better working world. Read more about our commitment to diversity & inclusiveness here . We ask because it matters!

 

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

 

Join us in building a better working world. 

 

Apply now.

.

Who we are

EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.

 

Make every future a success.
  • Job directory
  • Business directory