RC - RISK MANAGEMENT - NON FS TPRM - Senior

Requisition ID: 1619873. EY is seeking a Senior in Third-Party Risk Management to join the leadership group of their NFS TPRM team. The role involves leading and working closely with the manager in the delivery of TPRM engagements, designing and implementing TPRM operating models, and assessing the application of legal and regulatory requirements to clients' TPRM practices.

Requirements

• 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures).
• Strong understanding of the TPRM framework, Risk Management, Information Security practices.
• Demonstrate a good understanding of the Contract Risk Review management process.
• Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.).
• Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc.
• Good knowledge of privacy regulations such as GDPR, CCPA, etc.
• Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc.
• Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management.
• Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review.
• Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.).
• Good experience in LAN/WAN architectures and reviews.
• Good knowledge of incident management, disaster recovery, and business continuity management, cryptography.
• Good to have prior Big-4 experience.
• Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer

Benefits

• Support, coaching, and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you