Risk Consulting - Manager - IT Risk Management

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

Risk Consulting – Manager - IT Risk Management & IT Compliance

The opportunity: your next adventure awaits.
Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Technology Risk team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus in the areas of areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients.
This is client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex businesses transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI, ML, to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor.

Your Key Roles and Responsibilities

Client management

• Develop strong client relationships and engage in conversations with key client executives to understand their business and industry trends.
• Collaborate with onshore teams to gain a deep understanding of global clients' businesses and the challenges they face in their respective industries.
• Contribute to the development of new IT Risk Management solutions by analyzing industry trends and addressing specific client issues.
• Participate in knowledge sharing sessions and contribute to EY's thought leadership to enhance the firm's expertise in IT Risk and Compliance.
• Support go-to-market strategies, assist in creating proposals, and respond to RFPs, including preparing for and participating in client presentations.
• Identify and nurture relationships with buyers, influencers, and stakeholders within existing client engagements to strengthen partnerships.
• Explore opportunities for cross-selling by introducing clients to other relevant service lines and collaborating with colleagues across the firm.
• Generate innovative insights for clients, tailor methods and practices to meet the needs of operational teams and contribute to the creation of thought leadership materials.

Delivery and Team management

• Gain a comprehensive understanding of clients' technology strategies to manage risks effectively during their business transformation.
• Assist in planning and scheduling client engagements, ensuring the deployment of teams with the appropriate skill sets for executing engagements and periodically reviewing the status of engagements and work products.
• Manage engagements in the areas of IT Risk Management, IT SOX, IT Regulatory Compliance, and IT Audits, ensuring high-quality delivery and client satisfaction.
• Contribute to enhancing operational efficiency on projects and internal initiatives by applying lessons learned from previous projects.
• Assist in monitoring engagement economics, support timely billing of invoices, and actively participate in follow-up on collections.
• Supervise and mentor a team of professionals to deliver high-quality services across multiple processes for clients and assist in conducting comprehensive risk assessments to identify and prioritize potential IT risks.
• Build and maintain productive working relationships with client personnel, demonstrating a strong client focus and serving client needs effectively.
• Develop subject matter expertise by understanding industry trends, challenges, key players, and best practices.
• Keep abreast of new developments in the industry and technology, propose innovative solutions to the engagement teams, and advise clients on potential risks and opportunities related to their business and technology landscape.

Operational Excellence

• Suggest ideas on improving engagement productivity and identify opportunities for improving client service. 
• Manage engagement budgets and ensure compliance with engagement plans and internal quality & risk management procedures. 

People related

• Display teamwork, integrity and leadership. Work with team members to set goals and responsibilities for specific engagements. Foster teamwork and innovation.
• Utilize technology & tools to continually learn and innovate, share knowledge with team members and enhance service delivery.
• Understand EY and its service lines. Actively encourage team members to contribute ideas.
• Conduct workshops and technical training sessions for team members. Contribute to the learning & development agenda and knowledge harnessing initiatives.

To qualify for the role, you must have

• Chartered accountant (CA) or Master’s degree in management, Information Systems/ Technology, Computer Science, Business Analytics, Cybersecurity, or a related discipline  
• Passion for technology and an ardent desire to work in risk management.
• Minimum 10 years of a “Big 4” or professional firm or professional industry experience in risks & controls, with more than 8 years of experience in IT Risk Management, IT Regulatory Compliance, IT Audit and IT Transformation Risk areas such as:
  • Lead the planning and execution of IT risk assessments and compliance audits, ensuring alignment with industry standards and regulatory requirements.
  • Develop and maintain IT risk and compliance frameworks, incorporating best practices and legal mandates to support client business strategies.
  • Manage and mentor a team of IT risk and compliance consultants, fostering a culture of continuous learning and professional development.
  • Provide expert advice on IT governance, risk management, and compliance (GRC) issues, helping clients to navigate complex regulatory landscapes.
  • Design and implement risk mitigation strategies and compliance programs, including policies, procedures, and controls, to protect client information assets.
  • Conduct in-depth analysis of IT environments, identifying compliance gaps and risk exposures, and recommending actionable solutions.
  • Collaborate with clients to understand their business processes, technology infrastructure, and data protection needs, ensuring tailored risk and compliance services.
  • Engage with stakeholders across various levels of client organizations to promote awareness and understanding of IT risk and compliance issues.
  • Prepare comprehensive reports and presentations that clearly communicate audit findings, risk assessments, and compliance status to clients and senior management.
  • Oversee the remediation of identified issues, tracking progress and verifying the effectiveness of implemented controls.
  • Contribute to business development efforts by identifying new opportunities, participating in proposal development, and delivering persuasive client presentations.
  • Ensure the quality and consistency of project deliverables by adhering to the firm's methodologies and quality assurance standards.
  • Monitor project timelines, resources, and budgets, adjusting plans as necessary to meet client expectations and engagement objectives.
  • Design of IT Risk Controls frameworks and RACMs
  • Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc.
  • Understanding of IT regulatory compliances such as IT SOX, GDPR, ISO, PCI DSS etc.
• Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities.
• Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant)
• Cognitive problem-solving capabilities, quick decision-making skills and ability to handle complex situations with a calm demeanor
• Exceptional interpersonal, written, and verbal communication skills  
• Effective organization and time management skills with the ability to work under pressure and adhere to project deadlines.
• Globally mobile and flexible to travel to onsite locations.
• Team player with strong interpersonal skills
• Ability to think differently and innovate

Ideally, you’ll also have

• Responsible for the performance and appraisal of direct reports, including training and developing necessary skill sets to enable them to grow in their careers. 
• Mentor and coach junior team members, enabling them to meet their performance goals and successfully grow their careers. 

EY | Building a better working world 

 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.