EY
Cyber Compliance (Vulnerability Management Lead) - Assistant Director
EY, San Mateo, California, United States, 94409
Overview
Cyber Compliance (Vulnerability Management Lead) – Assistant Director. EY is seeking a proactive Assistant Director to lead operational oversight of vulnerability management and governance within the Data Protection function, focused on cyber compliance.
Location
Anywhere in the country
What You Will Do
Lead vulnerability management and governance efforts, ensure vulnerability remediation SLAs are met across the organization, enhance governance processes, and drive continuous improvement in risk reduction practices. Combine strong program management with a solid understanding of vulnerability management, governance, and stakeholder engagement.
Key Responsibilities
Lead Vulnerability Management activities within the Americas Cyber Compliance program.
Maintain processes to integrate vulnerability governance into business-as-usual operations.
Standardize workflows for asset ownership verification, vulnerability prioritization, and remediation tracking.
Collaborate with Global IT and Information Security to align governance policies with best practices and regulatory requirements.
Create enabler materials (guides, FAQs, process overviews) to improve remediation efficiency.
Develop awareness campaigns to promote vulnerability management and compliance.
Oversee and track enterprise-wide SLA compliance for vulnerability remediation across asset classes.
Analyze SLA trends, identify non-compliance patterns, and work with asset owners to address gaps.
Escalate risks related to overdue vulnerabilities to leadership per established protocols.
Design, maintain, and optimize dashboards and reporting for executives, asset owners, and security teams.
Develop and deliver clear communications on vulnerability status, risks, and program updates.
Build relationships with IT, Information Security, business units, and leadership to drive accountability and remediation efforts.
Deliver regular compliance and risk status updates to leadership and stakeholders.
Identify and lead initiatives to increase SLA compliance and improve remediation workflows; stay informed on industry trends and best practices to drive program improvements.
Qualifications
To qualify for the role, you must have
Strong verbal and written communication skills
Solid understanding of firm business and information security issues
Strong problem-solving skills
Flexibility and initiative
Ability to right-size risk
Strong research skills
Strong project management skills; ability to handle multiple tasks
Good working knowledge of information systems and common software packages
Bachelor’s degree or equivalent work experience; Graduate degree preferred
4-7+ years related experience
Ideally, you’ll have
Ability to reference existing firm information security and data protection policies and propose solutions
Knowledge of global, national, and local data protection laws and standards; familiarity with other risk management initiatives
Understanding of high-level information security trends
Experience in information security
Experience with information security frameworks (ISO, NIST)
Information security certification (CISSP, CISM, CISA) from ISC2 or ISACA
Knowledge of AI risks is preferred
What We Offer You
EY offers future-focused development in a flexible, inclusive culture with globally connected teams. Compensation and benefits are designed to reward performance. Our Total Rewards package includes health coverage, retirement plans, and paid time off.
The base salary range for this job in all geographic locations in the US is $111,100 to $207,800. The base salary range for NYC Metro Area, Washington State and California (excluding Sacramento) is $133,300 to $236,100. Salaries are determined by various factors including education, experience, knowledge, skills, and geography.
Hybrid work model: most client-facing roles are expected to work in person 40-60% of the time. Flexible vacation policy and paid holidays, with additional time off for personal/family care and other leaves as needed.
Are you ready to shape your future with confidence? Apply today. EY accepts applications on an ongoing basis. For California residents, additional information is available here. EY is committed to equal employment opportunities and to providing reasonable accommodation to qualified individuals with disabilities. If you need assistance applying online or require an accommodation, please contact EY’s Talent Shared Services.
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Other
Industries: Professional Services