Location: Anywhere in Country
At EY, we're all in to shape your future with confidence.
We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.
Data Protection and Privacy - Assistant Director (Data Risk Manager)
Risk Management supports our people in managing the risks that arise during our daily working lives. We work closely with all parts of the organization to identify, manage and monitor risk, providing coordinated advice and assistance on independence, conflicts, compliance, regulatory, policy, security issues, as well as dealing with claims and any queries regarding ethics.
The opportunity
We are operating in an increasingly connected world that is changing how to manage risk. With fast-paced technology advancements, new innovations within emerging technologies, and an ever-challenging regulatory environment, it is business critical for our organization to not only identify the risks, but also the opportunities these present. As a Data Risk Manager, you will make educated, thoughtful decisions on Risk Management. Our brand depends on it. It's all part of our long-term commitment to building a better working world and in return, you can expect plenty of opportunities to take on new responsibilities and develop your career.
Your key responsibilities
As part of EY Americas Data Protection (Confidentiality, Data Privacy) function, you will assist in the development, implementation, and monitoring of various activities within the Data Protection program. The position involves managing the firm's confidential and personal information inventory and data subject rights (DSR) request process. The position also involves investigating and addressing data incidents (loss, theft, and inappropriate disclosure or use of confidential/personal information) in accordance with EY's policies and procedures.
You will serve as the primary point of contact for EY client serving teams and work across functions (Legal, IT, Investigations, Executive Leadership) to coordinate various efforts (e.g., incident response, data inventory management, DSRs). You will help with interpreting data protection and privacy laws and policies, determining required actions to standard and non-standard situations, and making recommendations based on firm guidance, professional standards, and acquired experience. The position involves coordination and reporting of various Data Protection activities to stakeholders and interacts with executive-level personnel.
Skills and attributes for success
Leads Data Risk Management activities within the Data Protection program, including but not limited to:
Maintaining EY confidential and personal information inventory, in partnership with EY internal functions and service lines, to understand types of information that require protection and to fulfil data protection regulatory requirements (e.g., Records of Processing Activities (ROPA)),
Responding to data subject rights (DSR) and internal data access requests in accordance with applicable data protection legal and regulatory requirements and EY policies,
Documenting, conducting, and assisting others with investigations of data incidents (i.e., instances of loss, theft, or inappropriate disclosure of confidential/personal information); collaborating with clients, internal functions, and EY service lines to understand root cause, assess impact, and develop remediation plans,
Collaborating with EY Information Security functions to design and implement controls (e.g., data loss prevention, insider threat detection) to protect confidential and personal information based applicable data protection regulatory requirements and EY policies, and
Developing, driving, and executing strategy to continuously build out the Data Risk Management function to align with industry leading practices and data protection regulatory requirements
Assists other functions of the Data Protection program, including but not limited to:
Tracking and analyzing new and/or revised applicable data protection laws, regulations, and standards (e.g., CPRA, VCDPA, HIPAA), and
Developing and maintaining EY U.S. data protection policies, guidance, training, and awareness communication plan to reflect new and/or changes to data protection laws, regulations, and other related EY policies
Interacts with various stakeholders and functions across the organization, such as EY's Information Security, Risk Management, General Counsel's Office (GCO), Service Line Quality, Talent, and client serving teams, including but not limited to:
Partnering with local and Global teams across the above Data Protection processes,
Working collaboratively with related various EY Service Line Quality teams so as to understand and recommend enhancements to various service line policy or awareness efforts,
Assisting in reporting on various data protection program activities to key stakeholders within the organization, including senior leaders within EY Service Line Quality, GCO, Risk Management, and others, and
Developing relationships across teams/functions
Maintains and expands current knowledge of field of expertise and communicates new developments and resulting impact to program stakeholders and team members
Participates in other ad hoc projects, as assigned
To qualify for the role you must have
Strong verbal and written communications skills, and the ability to interface and communicate effectively and diplomatically with all levels of EY personnel
Solid understanding of relevant firm business and area wide data protection issues and concerns
Strong project management and problem-solving skills
Strong investigative mindset with ability to quickly assess situations and determine the impact
Proven ability to lead under pressure
Flexibility and the ability to take the initiative
Independent decision-making skills, as well as discretion as to when to escalate issues for further review to senior members of the Americas Data Protection team
Ability to right-size risk
High degree of cultural and emotional intelligence
Ability to deliver tough messages to executive leaders within the firm
Strong organizational skills; demonstrated ability to create, plan and successfully handle multiple tasks; and the ability to meet multiple deadlines in a fast-paced environment
Ability to train and supervise local or virtual teams, including junior Data Protection team members as well as other operational teams supporting the Data Protection program
Ability to foster teamwork and maintain effective working relationships with internal clients/stakeholders
Responsiveness with ability to manage high workload volumes efficiently and effectively
Good working knowledge of information systems and common software packages
Experience with data protection technologies (e.g., Data Loss Prevention (DLP) preferred
Bachelor's degree or equivalent work experience; Graduate degree preferred
4-6 plus years related experience
Ideally, you'll have
The ability to reference existing firm data protection and privacy policies as well as knowledge and experience to review complex situations and assist in proposing solutions
Strong knowledge of relevant global, national, and local data protection laws, regulations, and standards, as well as familiarity with other risk management initiatives outside of their specific area
Sound understanding of high-level technology trends and issues surrounding data protection
Privacy certification from ISACA or the International Association of Privacy Professionals (e.g., CIPP, CIPM, CDPSE)
What we look for
We're interested in people that will be able to right-size risk and recommend creative solutions to complex problems, as well as take responsibility for complex Risk Management projects or significa
