Supplier Risk Assurance Analyst

The Opportunity to become a Supplier Risk Assurance Analyst at EY

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.

The Supplier Risk Assurance program evaluates and monitors information security risk associated with the Firm’s use of third-party technology suppliers. We measure risk against Firm security controls, industry standards, regulations and laws, and EY business practices. We then advise our engagement and project managers, our procurement team, and our Legal teams in the recommended treatment of the risk assessment conclusions. In a working world where there is an increasing reliance on third-party provided products and services, this role offers interaction with some of the most interesting and important technology-related activities of the Firm across the spectrum of services offered. This role is an important and very visible contributor, offering highly valued and critical services within a highly collaborative team environment.

Your Key Responsibilities

• Conduct inherent risk assessments and vendor research.
• Perform reporting and data analytics.
• Manage communications with stakeholders.
• Execute other required tasks associated with the Supplier Risk Assurance mission.

Skills And Attributes For Success

• Advanced and creative analytic abilities to synthesize technical data, project-related information, interview and survey results, and other information to inform risk decisions.
• Ability to manage and deliver on multiple and shifting priorities to provide high quality, timely, and effective service to our customers.
• Advanced interpersonal skills to engage and collaborate with multiple internal and external stakeholders within a matrixed and global organization.
• Highly developed communications skills, both oral and written in the English language.
• Must be able to rapidly learn a complex business process that involves acquisition of knowledge and familiarity with related regulations, EY Policies and Standards, and international standards such as ISO 27001:2013.

To qualify for the role you must have:

• Bachelor level or higher degree in computer science or a related discipline such as engineering, or an equivalent in experience.
• Experience in any of the following: information security, IT risk management, internal audit, or compliance.
• Awareness of Information Security controls such as ISO27001:2013, NIST, or SOC.

Ideally, you’ll also have:

• Good working knowledge of data analytic methods and tools, including but not limited to Spotfire and Microsoft Excel.
• Good knowledge and skills with Microsoft Office and SharePoint.
• Experience, skills, or education in Information Security technical areas.

What We Look For

The ideal candidate will enjoy the challenge of rapid acquisition of knowledge and have the skills and determination to join a high-performing team. We are looking for someone who is agile, flexible, serious about providing top-flight service to our customers, and above all, a great team member.

What Working At EY Offers

We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around.
• Opportunities to develop new skills and progress your career.
• The freedom and flexibility to handle your role in a way that’s right for you.

Key skills/competency

• Information Security
• IT Risk Management
• Compliance
• Vendor Risk Assessment
• Data Analytics
• ISO 27001
• NIST Framework
• SOC Reports
• Stakeholder Engagement
• Cyber Risk Mitigation