All roles

Open role

GPS - Cyber Security Policy Analyst - Supervising Associate

Remote · Norway Full-time

About the position The Information Security Cybersecurity Strategist is a core member of the EY Government and Public Sector (GPS) Information Security Team, contributing to the strategic direction and execution of the GPS information security program. The role focuses on strengthening the overall security posture of GPS by helping to protect organizational data, systems, and operations while supporting mission and business objectives in a highly regulated environment. The role supports enterprise risk management and compliance by aligning GPS information security practices with EY internal standards and frameworks, and by applying the NIST Risk Management Framework (SP 800‑37) along with security controls and maturity models from NIST SP 800‑53, NIST SP 800‑171, and the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC). Responsibilities include security governance activities such as policy and standards documentation, compliance oversight, and security awareness across GPS personnel, systems, and programs.

Responsibilities

  • Work with executive leadership to develop, maintain, and govern information security PSGs supporting the GPS Information Security Program
  • Translate recommendations from domain professionals, vendor and industry standards, guidelines and leading practices into high-quality, coherent information security PSGs
  • Harmonize GPS information security documentation with EY enterprise policies and standards, NIST security requirements, the DoD Cloud Computing Security Requirements Guide, and applicable regulatory obligations
  • Collaborate with Information Security, Information Technology, Data Protection, Legal, and other internal stakeholders to support consistent implementation of information security requirements
  • Identify and monitor appropriate information security training for all GPS personnel. While some training may be obtained, custom training will need to be developed.
  • Stay up to date with the latest best practices, industry trends, and government security regulations to proactively maintain compliance
  • Collaborate with external assessors and auditors and government officials during security audits and assessments

Requirements

  • Experience working in information security and understanding of information security concepts
  • Knowledge of information security policies/principles of handling and protecting information
  • In-depth understanding of NIST security documentation and CMMC framework such as FIPS and NIST-171 and 800 Series publications and their application.
  • In-depth understanding of DFARS related security requirements and their application.
  • General technical knowledge of operating systems, databases, networks, mobile technologies and cloud services
  • Strong English language skills are required – written and verbal
  • Good writing, presentation, interpersonal, and collaborative skills
  • Ability to collaborate with others to facilitate and enhance compliance with policies
  • Maintain awareness of the current security threat landscape
  • Experience with coordinating tasks, allocating resources, and following tasks and projects through completion
  • Experience with Microsoft Office (Word, Excel, PowerPoint, Visio, and Copilot)
  • Bachelor’s degree in information security/assurance, computer science, or a similar technical field.
  • A minimum of 3+ years of experience in information security, with a preferred focus on US government security requirements and compliance
  • Experience developing and implementing security policies, standards, and procedures in alignment with government security requirements
  • Excellent communication skills, with the ability to effectively articulate complex security concepts to both technical and non-technical stakeholders

Nice-to-haves

  • Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified CMMC Assessor (CCA) are highly desirable
  • Ability to obtain and maintain a Top-Secret Security Clearance

Benefits

  • medical and dental coverage
  • pension and 401(k) plans
  • a wide range of paid time off options
  • flexible vacation policy
  • designated EY Paid Holidays
  • Winter/Summer breaks
  • Personal/Family Care
  • other leaves of absence

More open positions

Security Analyst-IAM

Work from home Full-time role

Senior Cyber Threat Analyst

Work from home Full-time role

Cyber Threat Intelligence Analyst (DoD Secret Clearance)

Work from home Full-time role

Senior Threat Intelligence Analyst

Work from home Full-time role

[Remote] QA Engineer

Work from home Full-time role

Medical Claims Processor, Xcelys, Remote

Work from home Full-time role

Senior Manager, HEOR Product Lead

Work from home Full-time role

Experienced Live Chat Support Specialist – Part-Time – $20 to $25 Per Hour

Work from home Full-time role

Salesforce Developer/ Remote (Denver, CO ) 4 Months Contract

Work from home Full-time role

Bilingual Customer Service Rep - Remote (Must live near McAllen, TX)

Work from home Full-time role

[Remote] Business Intelligence Analyst (Only W2)

Work from home Full-time role

Experienced Part-time Online Data Entry Clerk - Entry Level Opportunity at careerzynith

Work from home Full-time role

Thermal Hydraulics Engineer– LOCA and Containment

Work from home Full-time role

Business Account Executive, TTR - Boston, MA

Work from home Full-time role

Remote - Major Account Manager Hospital Job Details | Stericycle

Work from home Full-time role

Assistant Property Manager - Remote

Work from home Full-time role

Automation Testing Trainer - Remote Job

Work from home Full-time role

Product Manager (Remote)

Work from home Full-time role

Production Intern

Work from home Full-time role

HR Generalist - Full Time (Remote)

Work from home Full-time role

Senior Consumer Experience Strategist (Remote)

Work from home Full-time role