Role: Senior Compliance/Risk Analyst Experience Experience with SOX, PCI-DSS, Global Data Protection Regulation (GDPR) and other Privacy laws, Health Insurance Portability and Accountability Act (HIPAA), and other regulatory compliance requirements and controls. Experience in Third party Risk assessment while maintaining the risk register for the program. Perform risk evaluations and communicate IT security gaps impact to business and program owners. Drive IT security and risk assessment on program products, services, technologies, applications, and vendors. Experience in SSAE (SOC 2 Type 2 reports, PCI certifications, ISO Certifications, etc.) Ensure potential information security and regulatory compliance risks (such as Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI-DSS), etc.) associated with systems and applications are examined thoroughly, documented, communicated, treated, and monitored. Superior English written and verbal communication skills are required. Demonstrated experience in performing audit/compliance and third-party vendor assessments. Experience with internal project consulting to provide compliance and security requirements and guidance. Qualifications: Bachelor’s degree in IT / IS, Computer Science, or related discipline is preferred. Non-technical degrees with Computer Science fundamentals will be considered combined with technology experience. At least one Information Security certification such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), etc. preferred. 3-5 years of experience in Information Technology Security Superior English written and verbal communication skills are required. Demonstrated experience in performing audit/compliance and third-party vendor assessments. Experience with internal project consulting to provide compliance and security requirements and guidance. Experience with SOX, PCI-DSS, Global Data Protection Regulation (GDPR) and other Privacy laws, Health Insurance Portability and Accountability Act (HIPAA), and other regulatory compliance requirements and controls. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.