Global risk audit compliance-GRAC and Stay in compliance-SIC lead

Bengaluru, KA, IN, 560048


With our four integrated service lines (assurance and audit-related services, tax, consulting, and Strategy and Transactions) and our industry knowledge, we help our clients to...

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 





Job Title: EY Technology Services – Global risk audit compliance (GRAC) and Stay in compliance (SIC) lead

  • In our globalizing economy, the availability of skills and expertise is becoming more and more distributed. Within the Enterprise Technology team, we enable EY people to meet the increasing pace of business by delivering highly available solutions that empower them to work together where they want and how they want. 

The opportunity

The GRAC & SIC Lead is responsible for analyzing vulnerabilities and developing remediation processes for ET’s products and assets. The lead will support all business planning activities necessary to enable ET to take a strategic approach to assessing risk exposure and to ensure the necessary compliance process management. The position’s primary goals will be to identify, document and test business needs against the IT infrastructure and to develop and implement recovery strategies. In this role, the lead will also have overall ownership of an effective enterprise governance framework and its underlying operational processes, which must be consistent with general regulatory requirements and industry best practices and standards.
As part of the role, the individual will be responsible for assessing the existing processes, refining them as business needs change, and developing and deploying governance models to operationalize the GRAC & SIC process within Enterprise Technology. Responsibilities also include end-to-end management of the business recovery plans needed for service continuity and restoration within a pre-determined time in case of a disaster. The selected candidate will collaborate closely with the global teams to strengthen the relevant plans and will evaluate key vendor support contracts to ensure their alignment with the ET GRAC & SIC framework.

Your key responsibilities

As the GRAC & SIC Lead, the key responsibilities would include: 

  • Ensure GRAC & SIC plans and exercises/tests are developed/conducted as per business requirements for all in scope IT functions within Enterprise Technology  
  • Lead the practice for conducting and managing the BIA and Risk Assessments; designing the BC strategies    
  • Maintain a comprehensive plan for vulnerabilities, analysis and remediation plans    
  • Policies and procedures, compliance monitoring relevant to business processes
  • Testing and validation, reporting and documentation of all activities with regards to GRAC & SIC
  • Collaborate with Infosec and ESPM product managers to understand the as-is and road map for future products
  • Collaborate closely with and manage relationships with 3rd party DR providers, vendors, clients, and regulatory agencies    
  • Lead and manage the business during real time incident / crisis / emergency and act as per the established business continuity plan without time boundary    
  • Write executive reports to summarize testing activities, including descriptions of goals, planning, scheduling, execution, results, analysis, conclusions, and recommendations    
  • Engage closely with EY Technology GRAC and SIC professionals who work with senior management in all lines of EY Technology business to coordinate business continuity governance activities
  • Contribute to the development and maintenance of the enterprise-wide business continuity management program including development of tools and instructional guides
  • Contribute to establishing and maintaining program processes and practices which effectively ensure that the enterprise program remains current and incorporates/aligns with industry standards and practices as appropriate, and adequately covers general regulatory requirements
  • Institutionalize a risk-aware culture, reduce IT risk and protect client and EY data
  • Establish a process of periodic review of GRAC & SIC measurement; conduct continuous improvements in effectiveness of processes and activities. 

Skills and attributes for success

  • Well experienced in managing key Stakeholder relationships, including Senior Management. 
  • Thorough understanding and hands-on experience in GRAC and SIC, preferably in Management Consultancy domain. 
  • In-depth understanding of Industry GRAC and SIC Standards
  • Should have strong knowledge of other Risk domains like Operations Risk Management, IT Security, Cyber Risks, Corporate Security, Health and Safety, to be able to evaluate these Risks.
  • Should possess good working knowledge about IT Operations and IT practices.
  • Can work with minimum direction. Possess a high drive for delivering timely, high-quality results. 
  • Hold high integrity; dedicated to excellence; highly attentive to details; flexible. Possess strong Project Management skills. 
  • Self-motivated, with ability to work independently, as well as with other stakeholders in a collaborative manner. 
  • Strong problem-solving skills and the ability to logically break down a problem into smaller manageable parts to solve.
  • A proven expert in managing multiple stakeholders at all levels of the organization, specifically at senior management level.
  • Excellent communication skills, especially related to facilitation, documentation and reporting
  • Supervisory skills and the ability to leverage support from other parts of the organization
  • Ability to work with a large number of GRAC and SIC Coordinators and Senior Business Heads, to understand their business recovery requirements and to give them correct advice on GRAC and SIC. Must possess patience, perseverance and a strong ability to assist BCM Coordinators in completing GRAC and SIC templates, to develop business recovery strategies considering various outage scenarios, and to perform content and quality reviews of the GRAC and SIC plans they prepare. Must also ensure that they complete GRAC and SIC testing of critical processes, people and IT functions at defined intervals.

To qualify for the role, you must have

  • Bachelor’s or Master’s degree in Information Technology, Engineering or Business Management or equivalent
  • 18+ years of relevant experience in Business Continuity Management and IT Disaster Recovery


Certification Requirements:

  • Industry recognized Certifications from BCI, DRI, ISO, other similar Bodies
  • Preferred certifications in BCM and IT DR such as CBCP, MBCI, Certified Risk Professional (ISO 22301), ISMS, OHSAS, ISO 14001
  • CISA and MBA would be additionally preferred qualifications. 


Ideally, you’ll also have

  • Financial management experience
  • Experience in Service Delivery

What we look for

  • Thought leadership
  • Strategic thinking
  • Automation & standardization
  • Relationship Management
  • Interpersonal & Influencing skills
  • Good communication skills
  • Data-driven decision making


What working at EY offers
We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:

  • Support, coaching and feedback from some of the most engaging colleagues around
  • Opportunities to develop new skills and progress your career
  • The freedom and flexibility to handle your role in a way that’s right for you


EY | Building a better working world 


EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.


Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.


Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.  


Tags: Automation CISA Compliance Governance ISMS ISO 22301 IT infrastructure Monitoring Risk assessment Risk management Strategy Vulnerabilities

Perks/benefits: Career development Flex hours Health care Team events

Region: Asia/Pacific
Country: India