Senior Consultant, Privacy, London
Technology is changing the way businesses are operating. Associated with new opportunities come risks. Our clients seek independent advice and assurance on diverse issues such as: compliance, the design and operation of internal privacy controls, the security of business critical systems, the delivery of major IT enabled programmes addressing relevant IT security and privacy risks, their relationships with third parties, and their management, stewardship and ability to exploit business critical data.
EY is a leading independent provider of risk advisory services, supporting organisations to manage their risks, exploit opportunities and operate effectively. IT Risk and Assurance (ITRA) sits within EY's Risk business and forms part of a broader Advisory Services practice.
In response to strong market demand, we are looking to recruit a Senior Consultant who can work directly with clients, to help them understand and address the risks associated with the technologies that support their business, with focus on IT security and privacy (including certifications under ISO).
Your key responsibilities
Your primary responsibility will be to plan and deliver IT risk and control advisory engagements, either leading a small team or carrying sole responsibility for technical delivery. Examples of engagements:
· Carrying out gap assessments to assess the current business state in privacy compliance
· Assessing IT security and controls to help a business achieve certifications against ISO standards
· Assessing clients' IT environments and IT-related business processes that support the financial statements to determine the extent reliance can be placed on the internal control environment
· Identifying and remediating control and performance gaps compared to leading practice, helping clients gain stakeholder buy-in, reducing risk, and increasing value and visibility of IT cost
· Assisting organisations in identification and management of information security risks by assessing the current state, prioritising improvements and conducting projects to reduce risk and improve regulatory compliance
Within the context of client engagements, specific responsibilities include:
· Planning, budgeting and delivering engagement for review by ITRA Managers/Senior Managers
· Understanding clients' IT applications and infrastructure to determine effectiveness of the control environment through performing and reviewing process walkthroughs
· Executing privacy gap assessments, maturity assessments and internal audits to help businesses stay compliant with relevant privacy requirements
· Carrying out readiness and certification assessments as well as periodic audits for re-certification against ISO standards
· Reviewing detailed analysis of the control environment to gain assurance over effective operation of controls
· Identifying control weaknesses and any mitigating controls
· Reviewing working papers and supporting evidence in line with internal compliance requirements
· Effectively articulating control findings to key client stakeholders.
Skills and attributes for success
We are looking for individuals with the passion and commitment to eventually become a Partner at EY. Applicants should have a proven track record of delivering Assurance or Advisory services in a selection of the following areas:
· IT risk, control and audit skills:
o HR and marketing applications, including PeopleSoft and Salesforce
o Database systems including DB2, Sybase, RDS, OS/400, Oracle
o Operating systems including OS/400, Windows, Unix (AIX, HPUX, Red Hat, Solaris)
o SOx404 process control mapping (for risks and controls), IT testing, IT test and exception handling documentation, IT risk and control improvement
· Core GAM competencies (inc. compulsory training and certification): audit planning, audit documentation (subject to FRC inspection), audit testing inc. exception handling, use of GAM, use of Canvas, integration with Audit
· ITPRM skills: Process controls, ITGC controls, SOD controls, migration risks and controls, HYpercare controls, interface controls, IPE controls
· SOCR skills: ISAE3402 frameworks, SSAE16 frameworks, COSO, COBIT, sampling, control descriptions, testing, exception handling, reporting
· Ongoing interactions with CIO, CFO, GFC, CISO, Head of Change, Head of Risk, Head of Audit, Head of Digital
To qualify for the role you must have
· Successful track record in Internal/External IT Audit gained at a 'Big 4' management consultancy
· Experience working in an IT risk and control environment
· Understanding of how to assess core IT-related controls
Ideally, you'll also have
· Ability to work in challenging, diverse, and evolving client environments with utmost professionalism
· Flexibility and ability to learn quickly and leverage skills in new situations
· Ability to build strong client relationships
· Strong team working skills
· Strong presentation and facilitation skills
· Excellent verbal and written communication skills
· A passion to contribute to the growth of the practice
What we look for
You will need to build a strong network internally and be able to exceed our clients' high expectations. We seek high performing individuals, recognised for exceeding expectations. Core consulting skills
Advanced data and evidence management, client management on remediation programmes, driving innovation and continuous improvement Technical skills
- Strong technical insight, practical knowledge and specialist capability Versatility
- Proven ability to adapt and learn in an innovative environment What working at EY offers
We offer a competitive remuneration package where you'll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:
- Support and coaching from some of the most engaging colleagues around
- Opportunities to develop new skills and progress your career
- The freedom and flexibility to handle your role in a way that's right for you
EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.
As a global leader in assurance, tax, transaction and advisory services, we're using the finance products, expertise and systems we've developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we'll make our ambition to be the best employer by 2020 a reality.
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible. Join us in building a better working world. Apply now.