EY
Cyber Compliance (Vulnerability Management Lead) - Assistant Director
EY, Charleston, West Virginia, US, 25329
Overview
Ethics, Compliance, and Risk Management (ECRM) supports our people in managing the risks that arise during our daily working lives. We work closely with all parts of the organization to identify, manage and monitor risk, providing coordinated advice and assistance on independence, conflicts, compliance, regulatory, policy, and security issues, as well as dealing with claims and any queries regarding ethics.
Purpose of the role:
As an Assistant Director with our Data Protection function, focused on cyber compliance, you will make educated, thoughtful decisions. Our brand depends on it. It’s part of our long-term commitment to building a better working world and, in return, you can expect opportunities to take on new responsibilities and develop your career.
Responsibilities
Lead operational oversight of vulnerability management and governance efforts. Ensure vulnerability remediation SLAs are met across the organization. Enhance governance processes and drive continuous improvement in risk reduction practices. Combine strong program management skills with a solid understanding of vulnerability management, governance, and stakeholder engagement.
Skills and Attributes for Success
Leads Vulnerability Management activities within the Americas Cyber Compliance program, including but not limited to:
Process Governance & Enablement: Maintain processes to integrate vulnerability governance into business-as-usual operations; standardize workflows for asset ownership verification, vulnerability prioritization, and remediation tracking; collaborate with Global IT and Information Security to align with best practices and regulatory requirements; create and disseminate materials to improve remediation efficiency; develop awareness campaigns.
SLA Compliance & Monitoring: Oversee and track enterprise-wide SLA compliance for vulnerability remediation; analyze trends, identify non-compliance patterns, and work with asset owners to address gaps; escalate risks to leadership per established protocols; design and maintain dashboards and reporting mechanisms.
Stakeholder Communication & Reporting: Develop and deliver clear communications on vulnerability status, emerging risks, and program updates; build relationships with IT, Information Security, business units, and leadership; deliver regular compliance and risk status updates.
Continuous Improvement: Identify and lead initiatives to increase SLA compliance and improve remediation workflows; stay informed on industry trends and best practices to recommend program improvements.
Qualifications
Strong verbal and written communication skills. Solid understanding of relevant firm business and area-wide information security issues and concerns. Strong problem-solving skills; flexibility and initiative; ability to right-size risk; strong research and project management skills. Good working knowledge of information systems and common software packages. Bachelor’s degree or equivalent work experience; Graduate degree preferred. 4-7+ years related experience.
Ideal Background
Ability to reference existing firm information security and data protection policies; capability to review complex situations and propose solutions. Strong knowledge of global, national, and local data protection laws, regulations, and standards; familiarity with risk management initiatives beyond the specific area. Understanding of high-level information security trends; experience in information security; familiarity with information security frameworks (e.g., ISO, NIST); information security certification (CISSP, CISM, CISA) from ISC2 or ISACA; knowledge of Artificial Intelligence and associated risks is preferred.
What We Offer You
Comprehensive compensation and benefits package with base salary range $111,100 to $207,800; NYC Metro, WA, CA adjustments apply. Salaries determined by education, experience, knowledge, skills and geography; Total Rewards includes medical and dental, pension/401(k), and paid time off. Hybrid model: most client-facing roles expected to work in person 40-60% of the time. Flexible vacation policy with paid holidays and additional leave options for personal/family needs. Are you ready to shape your future with confidence? Apply today. EY accepts applications on an ongoing basis. EY is committed to equal employment opportunities and compliance with applicable law.
Seniority/Employment Details
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Other
Industries: Professional Services