Manager, Third Party Risk Management

In a world where risk is everywhere, organisations look to us to transform their approach to risk to turn it in to a means to not only protect the enterprise, but create value. As a member of our Cyber Risk team, you will belong to an international network of specialists helping our clients transform risk functions and implement technology solutions to provide the executive leadership with valuable insight for decision making.

The opportunity

As innovators and thought leaders in cyber risk, EY are embracing change through asking better questions and building a better working world by providing services that are risk based and use a balanced combination of people, practices and technology to position EY at the forefront of cyber. That means you'll have the opportunity to grow, develop, learn new things - and to lead. You will team with respected and experienced professionals to work directly with our clients to help them identify important cybersecurity risks, manage them and improve the effectiveness and efficiency of risk management.

We will support you with career-long training and coaching to develop your skills in cybersecutiy risk strategy, cybersecurity risk management, risk management, technology, managed service and performance enhancement. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Your key responsibilities

This role will primarily focus on the management and delivery of our Third Party Risk Management Services to our clients.

Third Party Cyber Risk Management (TPRM) - helps clients make strategic investments and focus on the right areas to effectively manage third-party risks. This service, made possible through our global delivery centers and technology partnerships, was designed in a flexible manner to reflect companies' variable stages of readiness when it comes to managing third-party risk.

You could also have the opportunity to gain experience across a number of the capabilities which make up the Cyber Risk team

Cyber Security Risk Management - helps clients tackle the many security challenges they face daily through cybersecurity transformation

Cybersecurity Detect - assess, improve, build and operate security operations for clients.

Cybersecurity Response - helps clients develop the organisational capability to react to foreseeable and unforeseeable security breaches

Skills and attributes for success

• Understand clients' cultures and operations to influence important decisions on risk management programs and processes
• Leverage industry leading practice and trends to provide valuable insights to clients
• Develop risk programs and methodologies and implement technology to enable the client organisation
• Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients.
• Develop and maintain long-term client relationships and networks. Develop relationships with team members across all EY practices to serve client needs.

To qualify for the role you must have

• A bachelor's degree in Information Systems, Accounting, Finance, Business or a related major and approximately 5-7 years of related work experience in cyber security and/or IT risk management.
• Demonstrable knowledge of principles of ERM and GRC concepts, leading security standards (e.g., ISO27001, NIST), certification reports (SOC 1, SOC 2, etc.) and control frameworks (e.g., COSO, ISO, OCEG, etc.)
• Demonstrable experience in planning, executing and reporting third-party risk assessments. Experience with current state assessment/diagnostic, design & build, enhancement and implementation of third-party risk management programs including governance & oversight, third-party inventory, risk approach and models, policies and standards, TPRM processes and technology, automation and reporting
• Knowledge and experience related to the diverse set of risks associated to third parties such as cyber and privacy risk, geopolitical risk, reputational risk, financial risk, regulatory and compliance risk, digital risk, operational risk, strategic risk and business continuity & resiliency risk
• Knowledge of any of the following industries/sectors: financial services, media & entertainment, technology & telecom, consumer products & retail, and power & utilities)
• Experience in managing a team (onshore and/or offshore) and various projects or processes to completion
• Proven solid analytical and problem solving skills; excellent writing and communication skills
• Advanced computer skills including Microsoft Office suite and other business related software systems
• A valid driver's license in Australia and a valid passport required; willingness and ability to travel internationally

Ideally, you'll also have

• One of these credentials: CISSP, CISA, CISM, CRISC or similar.
• Prior experience as a senior consultant or management consultant in a client serving role.
• Experience with TPRM and/or GRC tools and technologies (e.g., Archer, ServiceNow, SAP, ProcessUnity, Prevalent, etc.)

What we look for

We are interested in motivated professionals with a natural ability to lead, solve complex problems, and work as part of a team. If you enjoy facing new challenges, challenging the status quo, and being part of a culture that encourages teaming and creative problem solving, this role is for you.

What working at EY offers

We offer a competitive compensation package where you'll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package includes a range of programs and benefits designed to support your physical, financial and social well-being. Plus, we offer:

• Support and coaching and feedback from some of the most engaging colleagues in the industry
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that's right for you

About EY


As a global leader in assurance , tax , transaction and advisory services , we are using the finance products, knowledge and systems we have developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Join us in building a better working world.


Start a conversation with us now.


The preferred applicant will be subject to employment screening by EY or by their external third party provider. The preferred applicant will be subject to employment screening by Ernst & Young or by their external third party provider. Regarding these opportunities, the minimum salary for more junior positions is $70,000 including 9.5% superannuation.

© 2019 Ernst & Young Australia. All Rights Reserved. Liability limited by a scheme approved under Professional Standards Legislation.