Regional Security Risk Manager - Johannesburg, South Africa - EY

EY
Johannesburg, South Africa

1 week ago

Posted by: Thabo Mthembu, beBee Recruiter


Description

Job Summary:


Essential Functions of the Job:

Working with the Region Managing Partner, Region Risk Management Leader and Global Security, the role will entail involvement with, but not limited to, the following activities:

- **Planning and Policy** To understand and assist in the implementation of EY's Global Security Policy. This will include security operations, threat and risk monitoring, business continuity management (emergency response, crisis management, and business continuity), physical security, incident management, asset protection (insider threat), travel security, and executive and meeting protection.
- **Business Continuity Management (BCM)** Emergency response plan and procedures have been developed at office location level and Crisis Management Plans have been developed on a cluster level. These plans must be reviewed and updated on an annual basis, at a minimum.

Such review shall include the review of:

  • Assigned crisis management team (CMT) and alternates, with agreed responsibilities
  • Notification and escalation tool and procedures (including full implementation of EY's mass notification tool).
  • Published list of immediate and subsequent actions to manage an emergency.
  • Procedures for communicating in advance of, during, and after an emergency to EY people and families, clients, stakeholders, media.
  • Greater specificity of planning and strength of resilience, where there is elevated threat and/or risk exposure.
  • Annual training and exercise to prepare the CMT to respond effectively to a crisis situation (including test of the mass notification tool, once implemented).
  • Annual plan maintenance process to routinely update plans to reflect the changes in staffing and logistics


Business continuity plans and procedures have been developed on a cluster level (as appropriate for the geographical size under consideration; the scope of the plans has been devised in coordination with Global Security).

BCPs must be reviewed and updated on an annual basis, at a minimum.

Such review shall include the review of:

  • Assigned Business Continuity Plan (BCP) management team, and alternates with agreed upon responsibilities.
  • Notification and escalation procedures.
  • Process for identifying critical functions and requirements through a business impact analysis.
  • Process for prioritizing clients and client service commitments/responsibilities.
  • Published list of immediate and subsequent actions to manage a business interruption.
  • Arrangements and recovery procedures to meet critical requirements in established timescales.
  • Development of and reference to or inclusion of the pandemic plan and any related infectious disease plan(s).
  • Confirmation of business continuity plans in place, meeting EY's recovery requirements, with critical local suppliers and service providers.
  • A method for monitoring and tracking disaster related expenses sufficient to document continuity insurance claims.
  • Annual training and exercise to prepare the BCP team to recover effectively in a disaster situation.
  • Annual plan maintenance process to routinely update plans to reflect the changes in staffing and processes
- **Physical Security** To provide security governance and oversight regarding the safeguarding of people and physical assets at EY offices.

This includes ensuring that there are adequate:

  • Formal written documentation of all existing controls.
  • Review of risk and threats present in and around the site and what controls the landlord is offering to offset these threats and risks, when considering new office space.
  • Controls to manage access to EY Facilities.
  • Controls to ensure access system permits only authorized persons into EY space.
  • Controls to create an audit trail for access to and movement within EY offices.
  • Controls to limit access to sensitive areas (data rooms, records centres) to those with a business need.
  • Controls to manage security data in compliance with applicable laws, regulations and privacy policy.
  • Controls to manage visitors' access and use of EY facility.
  • Controls to allow temporary access to EY facilities for visiting EY personnel and local EY personnel who have forgotten their security credentials.
  • Controls to manage vendors (e.g. cleaning staff, repair people, building maintenance) and other non-EY people who need access to EY space.
  • Technical or manual controls to make certain that office perimeter and sensitive access doors are operating correctly.
  • Controls to safely manage inbound and outbound mail and packages.
  • Controls to ensure handling of personally identifiable information is consistent with relevant EY Privacy policies.
- **Asset Protection** To provide security governance and oversight regarding asset protection. This includes ensuring that there are adequate:
  • Controls for prevention, detection, and response to insider threats (as defined through the EY Insider threat program).
  • Asset protection processes and reporting protocols.
- **Trav
