Cybersecurity Risk Manager

Cybersecurity Risk Manager

Location: Katowice - 2 days office / 3 days remote

Let us introduce you the job offer by EY GDS Poland - a member of the global integrated service delivery center network by EY.

As a Manager within our Cybersecurity Risk, Compliance & Resilience (CRCR) competency, you will play a pivotal role in assisting EY clients in evaluating the effectiveness and efficiency of their cybersecurity and resiliency programs. Your focus will be on aligning these programs with business growth and operational strategies. In addition to conducting compliance and control evaluations, you will be instrumental in developing and implementing risk management strategies and business continuity plans, ensuring organizations are well-prepared to respond effectively to incidents and disruptions. You will identify deficiencies and provide actionable recommendations and guidelines to enhance cyber resilience. This role is not solely about overseeing others, you will be expected to bring your hands-on experience to the forefront, directly contributing to project delivery and execution, while also managing and coordinating efforts as needed.

• Evaluate and assess the effectiveness of clients' cybersecurity and resiliency programs.
• Develop and implement risk management strategies and business continuity plans.
• Conduct compliance and control evaluations, ensuring adherence to regulations and standards such as ISO 27001 and NIST.
• Perform audits or reviews of Information Security Management Systems (ISMS) and IT general controls.
• Manage Third Party Risk Management (TPRM) processes.
• Provide domain knowledge in cybersecurity, including governance, IT infrastructure security, and risk management.
• Actively participate in hands-on project delivery, ensuring technical and operational tasks are completed with high quality and aligned to client expectations.
• Collaborate with engagement team members, fostering teamwork and responsibility.
• Set up governance frameworks for cybersecurity services, ensuring alignment with organizational objectives.
• Develop and monitor KPIs to measure the effectiveness of cybersecurity services.
• Oversee service delivery processes, ensuring high-quality service and client satisfaction.
• Work on offer preparation, acting as a Service Delivery Manager (SDM) for key cyber project portfolios, discussing client needs, preparing proposals, and actively pursuing and securing project engagements.
• Balance direct hands-on involvement with team coordination, ensuring seamless execution of both technical tasks and broader project objectives.

Minimum 5 years of experience in the field of Information Security and/or Information Technology with minimum two years of them focusing on Information security field with expertise including -but not limited to-below areas:

• Assuring the conformity to regulations, norms and standards such as ISO27001, NIST or any other ISMS governance systems
• IT Controls such as IT General Controls (ITGC), IT Application Controls (ITAC) or any other
• Implementation of the risk management plans and business continuity program assessments
• Performing audits or reviews of ISMS systems and/or IT general controls
• Experience in Third Party Risk Management (TPRM)

• Domain knowledge in Cybersecurity, including governance, IT infrastructure security and risk management, cyber program assessments including cyber transformation and enterprise resilience.
• Demonstrated hands-on experience in cybersecurity, with a proven track record of executing technical work, not just overseeing teams.
• Demonstrate excellent interpersonal skills, inspire teamwork and responsibility with engagement team members
• Strong analytical and problem-solving abilities, with a keen eye for detail.
• Excellent interpersonal skills, with the ability to inspire teamwork and collaboration.

Strong project management skills, including:

• Project planning and resource management, ensuring alignment with client and organizational objectives
• Budgeting and work estimation (e.g., man-days estimation, resource allocation)
• Effective stakeholder communication, ensuring alignment of expectations and facilitating decision-making
• Experience in establishing governance frameworks and developing KPIs for service delivery.

• Excellent command of the English language; other languages would be an asset.
• Analytical and problem-solving abilities, observant with an eye for detail.
• Ability to liaise with stakeholders and manage multiple priorities effectively.
• Proven experience in both hands-on technical work and project leadership/coordinating responsibilities.

• Knowledge about Digital Operational Resilience Act (DORA), NIS2 directive, EU Cybersecurity Act, EU AI Act, and/or other relevant EU regulations.
• Practical knowledge of GRC system such RSA Archer, SAP GRC, OneTrust, ServiceNow GRC

We seek candidates with a minimum of 5 years of experience in Information Security and Information Technology, including at least 2 years focused specifically on cybersecurity. The ideal candidate will have expertise in regulatory compliance, risk management, and business continuity planning, with a proven track record of executing technical work alongside managing teams. Strong analytical and problem-solving skills are essential, as well as the ability to effectively communicate with stakeholders and manage multiple priorities. Familiarity with relevant regulations such as ISO 27001, NIST, and emerging EU directives like DORA and NIS2 will be advantageous. Additionally, hands-on experience with GRC systems such as RSA Archer or ServiceNow GRC will further enhance a candidate's profile.

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across nine locations - Argentina, Hungary, India, the Philippines, Poland, Sri Lanka, Mexico, Spain and the United Kingdom - and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We\'ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.

• Continuous learning: You\'ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We\'ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We\'ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You\'ll be embraced for who you are and empowered to use your voice to help others find theirs.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It\'s yours to build.

In compliance with the requirements of the Whistleblower Protection Act, our company has established the Procedure for reporting breaches of law and undertaking appropriate follow-up actions. Any misconduct should be reported through the EY Ethics Hotline.