Information Security Governance, Risk & Compliance Manager - UKI Operations

Information Security GRC Manager
EY CBS Regional Operations (UK & Ireland)
Rank – CBS Manager


The opportunity

The Information Security GRC Manager role is a new position in EY UK’s Core Business Services function and will have a responsibility to deliver subject matter expert advice around EY’s information security capability and compliance with industry standards and controls, in order to provide governance, manage the risk and achieve compliance across the Firm to enable the partnership to compete effectively.

Activities will include owning day-to-day delivery, as a trusted advisor, of EY’s information security policies, standards and guidelines, in particular the UK firm’s new IT Code of Practice, and the management of business-critical compliance standards, considering the associated risks.

The role holder will report to the Director of Information Security and work in partnership with global EY Technology teams and stakeholders including Data Protection, Risk Management and Service Line Quality.

Working multi-functionally, the role-holder will require the ability to formulate clear recommendations, drive governance strategies and influence client-facing, core business, risk management, quality and technology stakeholders at all levels.


Your key responsibilities

  • Manage the UK Firm’s risk reporting around cyber and information security as well as manage and maintain program elements (e.g., management information reporting, process improvement, key risk indicators, dashboard development)
  • Drive business adherence to EY Information Security policies, standards and guidelines, escalating concerns/issues as appropriate, to reduce risk to the Firm
  • Support the technical due diligence of suppliers and solutions, whether the firm is “buying, building or borrowing”, and provide input to business information and technology risk remediation efforts
  • Assist adoption of approved and trusted solutions across the Firm and support the adaptation of solutions to address business risk
  • Perform horizon scanning and also build and consume threat intelligence applicable to the Firm, to be able to plan and manage any business-critical compliance standards, considering the associated risks.
  • Provide, as required, subject matter expert guidance to the UK&I service lines and Core Business Services functions (e.g., Supplier Relationship Management, Procurement, Legal, Compliance, Risk Management, Talent, Independence) to ensure business cohesion
  • Promote frank and timely internal communication within the Firm about information and cyber security risk
  • Educate and provide direction and support to business leadership on information and technology risk matters
  • Educate the business areas on the Firm’s cyber and information security risk management, legislative and regulatory obligations
  • Build and maintain appropriate governance to ensure the Firm’s internal and client-facing functions are aware of information and technology risks
  • Mitigate cyber and information security risk by following established procedures, developing further guidance and governance protocols as necessary and demonstrating strong ethical behaviour
  • Build purposeful relationships by collaborating, sharing and seeking opinions and ideas across EY, to make information security more accessible to our people.


Qualifications, skills and attributes which will ensure success:

  • Professional information security qualification (e.g., CISM)
  • The ability to hold UK security clearance up to Security Check
  • An understanding of the guiding principles behind ISO27001 and/or Cyber Essentials is preferable.
  • Experience of implementing awareness, education and training events or campaigns.
  • Excellent stakeholder management and engagement skills; experience of negotiating and managing internal and external stakeholders and third parties.
  • Ability to form complex communications/messages in a simple, clear and concise manner to the various parts of EY.
  • Excellent written and verbal communication and presentation skills.
  • Effective and creative problem-solving skills.
  • Proven track record of operating in time critical, diverse, creative and corporate environments.
  • Ability and confidence to prioritise and balance conflicting and diverse demands from technical and business perspectives
  • Strong IT delivery and operational background
  • Experience influencing third party suppliers that are not directly managed


To succeed in this role, we would want you to:

Be someone who is resilient, able to operate calmly under pressure in a complex / matrix environment, delivery-focused, target-driven and generally politically astute, with commercial acumen.

Have graduate level experience with relevant degree qualification or equivalent industry background.
Demonstrate multi-site / regional working experience. Experience of working in a professional services organisation or LLP would be beneficial, as would knowledge gained from working in a complex organisation with matrix management.

Be located in the UK. The role holder will be required to attend meetings at EY’s London office a minimum of one/two times per month.


What we look for

We need someone who is resilient, able to operate calmly under pressure in a complex environment and will act and communicate with integrity and commercial acumen.


What we offer

We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:

  • Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
  • Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
  • Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
  • Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.


If you can demonstrate that you meet the criteria above, please contact us as soon as possible.


The exceptional EY experience. It’s yours to build.


Apply now.


About EY

As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.


Please note

Prior to finalizing your application, you will be asked to provide personal information across several dimensions of diversity and inclusiveness. The information you provide is kept entirely confidential and will not be used to evaluate your candidacy. We collect this data to help us analyse our recruitment process holistically and implement actions that promote diversity and inclusiveness. While optional, we encourage you to provide this information to hold us accountable towards our goal of building a better working world. We ask because it matters!