EY
Cyber Compliance (Vulnerability Management Lead) - Assistant Director
EY, Westlake Village, California, United States, 91361
Overview
Cyber Compliance (Vulnerability Management Lead) - Assistant Director at EY. Location: Anywhere in Country.

Ethics, Compliance, and Risk Management (ECRM) supports our people in managing the risks that arise during our daily working lives. This role focuses on cyber compliance within vulnerability management, governance, and risk reduction initiatives.

Responsibilities
- Lead operational oversight of vulnerability management and governance efforts.
- Ensure vulnerability remediation SLAs are met across the organization.
- Enhance governance processes and drive continuous improvement in risk reduction practices.
- Combine program management skills with a solid understanding of vulnerability management, governance, and stakeholder engagement.
- Lead Vulnerability Management activities within the Americas Cyber Compliance program.
- Maintain processes to integrate vulnerability governance into business-as-usual operations.
- Standardize workflows for asset ownership verification, vulnerability prioritization, and remediation tracking.
- Collaborate with Global IT and Information Security teams to align governance policies with best practices and regulatory requirements.
- Create and disseminate enabler materials (guides, FAQs, process overviews) to improve remediation efficiency.
- Develop awareness campaigns to promote vulnerability management and compliance across the organization.
- Oversee and track enterprise-wide SLA compliance for vulnerability remediation across all asset classes.
- Analyze SLA trends, identify non-compliance patterns, and work with asset owners to address gaps.
- Escalate risks related to overdue vulnerabilities according to established protocols.
- Design, maintain, and optimize dashboards and reporting mechanisms for executives, asset owners, and security teams.
- Develop and deliver clear communications on vulnerability status, emerging risks, and program updates.
- Build strong relationships with Global IT, Information Security, business units, and leadership to drive accountability and remediation efforts.
- Deliver regular compliance and risk status updates to leadership and other key stakeholders.
- Identify and lead initiatives to increase SLA compliance rates and improve remediation workflows.
- Stay informed on industry trends, tools, and best practices to recommend and implement program improvements.

Qualifications
- Strong verbal and written communication skills.
- Solid understanding of relevant firm business and area-wide information security issues and concerns.
- Strong problem-solving skills.
- Flexibility and the ability to take the initiative.
- Ability to right-size risk.
- Strong research skills.
- Strong project management skills: ability to successfully handle multiple tasks.
- Good working knowledge of information systems and common software packages.
- Bachelor's degree or equivalent work experience; graduate degree preferred.
- 4-7+ years of related experience.

Ideally, you'll have
- Ability to reference existing firm information security and data protection policies and propose solutions for complex situations.
- Strong knowledge of relevant global, national, and local data protection laws, regulations, and standards, plus familiarity with other risk management initiatives.
- Sound understanding of high-level information security trends.
- Experience in information security and with information security frameworks (e.g., ISO, NIST).
- Information security certification from ISC2 or ISACA (e.g., CISSP, CISM, CISA).
- Knowledge of Artificial Intelligence and associated risks is preferred.

What We Offer You
Comprehensive compensation and benefits package with base salary ranges. In all geographic locations in the US: $111,100 to $207,800. In NYC Metro Area, WA, and CA (excluding Sacramento): $133,300 to $236,100. Individual salaries are determined by education, experience, knowledge, skills, and geography. Total Rewards includes medical and dental coverage, pension and 401(k), and various paid time off options.

Hybrid model: most client-serving roles are expected to work in person 40-60% of the time over the engagement, project, or year. Flexible vacation policy and time off for holidays, breaks, personal/family care, and other leaves to support well-being.

Are you ready to shape your future with confidence? Apply today. EY accepts applications on an ongoing basis. For California residents, additional information is available.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis. EY is committed to providing reasonable accommodation to qualified individuals with disabilities, including veterans with disabilities. If you need assistance applying online or an accommodation during the application process, please contact EY's Talent Support.

Seniority/Employment Details
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Other
Industries: Professional Services