Data Protection and Privacy - Assistant Director (Data RiskManager) Location: Anywhere in Country At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Data Protection and Privacy – Assistant Director (Data Risk Manager) Risk Management supports our people in managing the risks that arise during our daily working lives. We work closely with all parts of the organization to identify, manage and monitor risk, providing coordinated advice and assistance on independence, conflicts, compliance, regulatory, policy, security issues, as well as dealing with claims and any queries regarding ethics. The opportunity We are operating in an increasingly connected world that is changing how to manage risk. With fast-paced technology advancements, new innovations within emerging technologies, and an ever-challenging regulatory environment, it is business critical for our organization to not only identify the risks, but also the opportunities these present. As a Data Risk Manager, you will make educated, thoughtful decisions on Risk Management. Our brand depends on it. It’s all part of our long-term commitment to building a better working world and in return, you can expect plenty of opportunities to take on new responsibilities and develop your career. Your Key Responsibilities As part of EY Americas Data Protection (Confidentiality, Data Privacy) function, you will assist in the development, implementation, and monitoring of various activities within the Data Protection program. The position involves managing the firm’s confidential and personal information inventory and data subject rights (DSR) request process. The position also involves investigating and addressing data incidents (loss, theft, and inappropriate disclosure or use of confidential/personal information) in accordance with EY’s policies and procedures. You will serve as the primary point of contact for EY client serving teams and work across functions (Legal, IT, Investigations, Executive Leadership) to coordinate various efforts (e.g., incident response, data inventory management, DSRs). You will help with interpreting data protection and privacy laws and policies, determining required actions to standard and non-standard situations, and making recommendations based on firm guidance, professional standards, and acquired experience. The position involves coordination and reporting of various Data Protection activities to stakeholders and interacts with executive-level personnel. Skills And Attributes For Success Leads Data Risk Management activities within the Data Protection program, including but not limited to: Maintaining EY confidential and personal information inventory, in partnership with EY internal functions and service lines, to understand types of information that require protection and to fulfil data protection regulatory requirements (e.g., Records of Processing Activities (ROPA)) Responding to data subject rights (DSR) and internal data access requests in accordance with applicable data protection legal and regulatory requirements and EY policies Documenting, conducting, and assisting others with investigations of data incidents; collaborating with clients, internal functions, and EY service lines to understand root cause, assess impact, and develop remediation plans Collaborating with EY Information Security functions to design and implement controls (e.g., data loss prevention, insider threat detection) to protect confidential and personal information Developing, driving, and executing strategy to continuously build out the Data Risk Management function to align with industry leading practices and data protection regulatory requirements Assists other functions of the Data Protection program, including but not limited to: tracking and analyzing new and/or revised applicable data protection laws, regulations, and standards (e.g., CPRA, CCPA, HIPAA) Developing and maintaining EY U.S. data protection policies, guidance, training, and awareness communication plan to reflect new and/or changes to data protection laws Interacts with various stakeholders and functions across the organization, such as EY’s Information Security, Risk Management, General Counsel’s Office (GCO), Service Line Quality, Talent, and client serving teams Partnering with local and Global teams across the above Data Protection processes Working with Service Line Quality teams to understand and recommend enhancements to service line policy or awareness efforts Assisting in reporting on various data protection program activities to key stakeholders, including senior leaders within EY Service Line Quality, GCO, Risk Management, and others Developing relationships across teams/functions Maintains and expands knowledge of the field and communicates new developments to program stakeholders Participates in other ad hoc projects as assigned To qualify for the role you must have Strong verbal and written communications skills, and the ability to interface and communicate effectively with all levels of EY personnel Solid understanding of relevant firm business and data protection issues Strong project management and problem-solving skills Strong investigative mindset with ability to assess situations and determine impact Proven ability to lead under pressure Flexibility and initiative Independent decision-making skills and discretion on when to escalate to senior members of the Americas Data Protection team Ability to right-size risk High degree of cultural and emotional intelligence Ability to deliver tough messages to executive leaders Strong organizational skills and ability to manage multiple tasks and deadlines in a fast-paced environment Ability to train and supervise local or virtual teams Ability to foster teamwork and maintain effective working relationships with internal clients/stakeholders Responsiveness with ability to manage high workload volumes Good working knowledge of information systems and common software Experience with data protection technologies (e.g., Data Loss Prevention) preferred Bachelor’s degree or equivalent work experience; Graduate degree preferred 4-6 plus years related experience Ideally, you’ll have Ability to reference existing firm data protection and privacy policies and propose solutions for complex situations Strong knowledge of global, national, and local data protection laws and standards Familiarity with other risk management initiatives outside of data protection Understanding of high-level technology trends and data protection issues Privacy certification from ISACA or IAPP (e.g., CIPP, CIPM, CDPSE) What We Look For We’re looking for people who can right-size risk and propose creative solutions to complex problems and take responsibility for complex Risk Management projects. What We Offer You EY offers a comprehensive compensation and benefits package, including a competitive base salary and Total Rewards. Our hybrid model expects most client-facing roles to work in person 40-60% of the time. We support flexible vacation and leave policies to support well-being. EY is an equal opportunity employer. We provide reasonable accommodation to qualified individuals with disabilities, including veterans. For more information about EY, visit our careers page. EY focuses on high ethical standards and integrity among its employees.

#J-18808-Ljbffr