EY
Cyber Compliance (Vulnerability Management Lead) - Assistant Director
EY, Las Vegas, Nevada, US, 89105
Overview
What you will do
Lead operational oversight of vulnerability management and governance efforts. Ensure vulnerability remediation SLAs are met across the organization, enhance governance processes, and drive continuous improvement in risk reduction practices. Combine strong program management skills with a solid understanding of vulnerability management, governance, and stakeholder engagement.
Responsibilities
Lead Vulnerability Management activities within the Americas Cyber Compliance program, including but not limited to:
Process Governance & Enablement: maintain processes to integrate vulnerability governance into business-as-usual operations. Standardize workflows for asset ownership verification, vulnerability prioritization, and remediation tracking. Collaborate with Global IT and Information Security teams to align governance policies with industry best practices and regulatory requirements. Create and disseminate enabler materials (guides, FAQs, process overviews) to improve remediation efficiency. Develop awareness campaigns to promote vulnerability management and compliance across the organization.
SLA Compliance & Monitoring: oversee and track enterprise-wide SLA compliance for vulnerability remediation, focusing on timely resolution across all asset classes. Analyze SLA trends, identify non-compliance patterns, and work with asset owners to address gaps. Escalate risks related to overdue vulnerabilities to leadership per established protocols. Design, maintain, and optimize dashboards and reporting mechanisms to provide actionable insights for executives, asset owners, and security teams.
Stakeholder Communication & Reporting: develop and deliver clear communications on vulnerability status, emerging risks, and program updates; build relationships with Global IT, Information Security, business units, and leadership to drive accountability. Deliver regular compliance and risk status updates to leadership and other key stakeholders.
Continuous Improvement: identify and lead initiatives to increase SLA compliance rates and improve remediation workflows; stay informed on industry trends, tools, and best practices to recommend program improvements.
Qualifications
Strong verbal and written communication skills
Solid understanding of relevant firm business and area-wide information security issues
Strong problem-solving skills
Flexibility and initiative
Ability to right-size risk
Strong research skills
Strong project management skills: ability to handle multiple tasks
Good working knowledge of information systems and common software packages
Bachelor’s degree or equivalent work experience; Graduate degree preferred
4-7+ years related experience
Ideal background
Ability to reference existing firm information security and data protection policies and propose solutions
Strong knowledge of relevant global, national, and local data protection laws, regulations, and standards
Understanding of high-level information security trends
Experience in information security; experience with information security frameworks (ISO, NIST)
Information security certification from ISC2 or ISACA (e.g., CISSP, CISM, CISA)
Knowledge of AI and associated risks is preferred
What we offer
Compensation and benefits package; base salary range $111,100 - $207,800 (location-based adjustments apply). Hybrid work model and flexible vacation policy; time off for holidays and personal reasons. Equal employment opportunities; accommodations available for qualified individuals with disabilities. Are you ready to shape your future with confidence? Apply today. EY accepts applications on an ongoing basis. For California residents, see additional information. EY is an equal opportunity employer.
Seniorities
Mid-Senior level
Employment type
Full-time
Job function
Other Professional Services