Global Information Security Ambassador Program Coordinator

Todays world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust.

Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting, and enabling the business through innovative, secure solutions that provide speed to market and business value.

The opportunity

The Technology Assurance, Risk, and Policy (TARP) function within Information Security strives to create and promote a holistic Governance, Risk, and Compliance (GRC) program by creating a robust, resilient, and proactive governance framework, supported by a strategic risk management approach and stringent compliance structures. It aims to integrate and align its GRC initiatives in line with the global firm's objectives and emerging threats within the cybersecurity landscape.

Furthermore, the Policy, Risk, and Controls (PRC) Enablement & Awareness team aims to establish policies and procedures that reflect the value we place on safeguarding our digital environment, while ensuring that these policies are effectively communicated and enforced across all levels of the organization.

The role of Information Security Awareness Specialist is part of the Global Information Security Policy, Methodology & Awareness team, which is positioned within PRC Enablement & Awareness that aims to cultivate a security aware culture and mindset by promoting Information Security policies through education, awareness, and guidance.

Your key responsibilities

The Information Security Ambassador Program Coordinator will support and implement strategic plans for the Global Information Security Ambassadors Program, aligning with the company's overall information security objectives. The role will design and facilitate comprehensive training programs for Ambassadors, ensuring they are equipped with the necessary knowledge and skills to perform their roles effectively. The Coordinator will also work closely with communication and talent development teams across different locations to integrate information security activities and facilitate their implementation locally.

Key responsibilities include:

• Support and implement strategic plans for the Global Information Security Ambassador Program, aligning with the companys overall information security objectives.
• Design and facilitate comprehensive training programs for Ambassadors, ensuring they are equipped with the necessary knowledge and skills.
• Collaborate with communication and talent development teams across different locations to integrate and facilitate information security activities locally.
• Oversee the delivery of processes, solutions, and/or projects with a focus on quality and effective risk and security awareness management.
• Contribute to continuous process improvement, identify innovative solutions through research and analysis, and apply best practices.
• Support the Program Leader in coordinating the activities of program members.
• Foster collaboration with TARP and other Information Security departments.
• Propose solution to challenges in scaling the program, such as tracking and measuring Ambassador contributions and impact.
• Recommend solutions for expanding the programs reach and integrating new security domains.
• Engage with internal stakeholders (Information Security Team, IT, business leaders, regional communication/talent teams) and external stakeholders (industry peers, regulatory bodies).

Skills and attributes for success

• Strong communication skills, with the ability to clearly convey information and facilitate discussions with diverse groups.
• Program management skills, including process analysis, improvement, and project management in a global, multicultural environment.
• Understanding of information security principles, training methodologies, and creative communication strategies.
• Familiarity with security frameworks and standards such as IEC/ISO 27000, NIST, and GDPR.
• Analytical and problem-solving skills, including the ability to automate processes for activity tracking and dashboard reporting.
• Ability to collaborate effectively with both internal and external stakeholders.

To qualify for the role, you must have

• 5 or more years of experience in the Information Technology, Information Security and/or IT Risk Management field(s).
• Experience in program management, preferably in a global or multicultural context.
• Strong communication and group engagement skills.
• Understanding of key security frameworks and regulations governing data protection and information security practices.
• Ability to analyze and improve processes and manage projects.
• Experience working with cross-functional teams.
• Attained or desire to attain one or more of the following certifications:
  • CSAP (Certified Security Awareness Practitioner)
  • SSAP (SANS Security Awareness Professional)
  • Certified Information Systems Security Processional (CISSP)
  • Certified Risk and Information Systems Control (CRISC)
  • Certified Information Security Manager (CISM)
  • Certified Information System Auditor (CISA)

Ideally, youll also have

• Familiarity with the organizations structure, business units, and strategic objectives to align security initiatives with organizational goals.
• Awareness of client expectations, industry trends, and best practices in information security awareness.
• Experience with automating activity tracking and dashboard reporting.
• Excellent interpersonal, communication and presentation skills.
• Good time management, organizational, and decision-making skills.