Technology Risk Assurance Managers job at EY | Apply Now

Risk Assessment:

• Conduct thorough assessments of technology risks across various systems and processes.

• Identify potential vulnerabilities and threats to IT infrastructure and data.

Risk Management:

• Develop and implement risk management strategies and plans.

• Monitor and track identified risks, ensuring that mitigation measures are effective.

Compliance:

• Ensure IT systems comply with relevant regulations, standards, and policies (e.g., GDPR, HIPAA, ISO 27001).

• Stay updated on changes in technology regulations and standards to ensure ongoing compliance.

Audit Support:

• Support internal and external IT audits by providing necessary documentation and explanations.

• Implement audit recommendations and track their progress.

Policy Development:

• Develop and enforce IT risk management policies and procedures.

• Ensure policies are communicated effectively to all relevant stakeholders.

Security Controls:

• Design and implement security controls to protect IT systems and data.

• Regularly test and evaluate the effectiveness of these controls.

Incident Management:

• Respond to security incidents and breaches, conducting root cause analysis and implementing corrective actions.

• Develop and maintain an incident response plan.

Training and Awareness:

• Conduct training sessions and workshops to raise awareness of IT risks and promote best practices among employees.

• Develop educational materials and resources to support risk awareness initiatives.

Risk Reporting:

• Prepare detailed reports on technology risks, highlighting key findings, trends, and recommendations.

• Present risk assessments and reports to senior management and stakeholders.

Vendor Risk Management:

• Assess and manage risks associated with third-party vendors and service providers.

• Ensure vendors comply with the organization's security and risk management standards.

Continuous Improvement:

• Continuously monitor and review IT risk management practices to identify areas for improvement.

• Stay informed about emerging technology risks and industry best practices.

Collaboration:

• Work closely with IT, security, and business teams to integrate risk management practices into all technology projects and operations.

• Foster a culture of risk awareness and proactive risk management throughout the organization.

Business Continuity Planning:

• Contribute to the development and maintenance of business continuity and disaster recovery plans.

• Ensure IT systems and processes are resilient and can recover quickly from disruptions.

Technical Assessments:

• Conduct technical assessments such as penetration testing, vulnerability assessments, and security audits.

• Analyze assessment results and provide actionable recommendations for improvement.

Data Privacy:

• Ensure that data privacy measures are in place and comply with relevant regulations.

• Conduct regular privacy impact assessments and implement data protection measures.