Global Information Security Strategist Associate Director

At EY, we're all in to shape your future with confidence. We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. The Global Information Security Strategist is a senior role responsible for shaping and implementing the long-term information security strategy of the firm. This individual will work closely with the Global Lead for Information Security Strategy and Research to ensure that security initiatives not only protect the firm's assets and reputation but also enable business objectives. The strategist will combine deep knowledge of emerging technologies and threats with strong business acumen to drive security programs that align with the company's global strategy and operational needs. This role involves high-level collaboration, strategic planning, and leadership to keep the Information Security program a step ahead of evolving business demands and cyber risks.

Key Responsibilities:

+

Strategic Program Development:

Define and drive the development of long-term information security program strategies that support the firm's business objectives. Ensure security goals, processes, and resources are aligned with overall corporate strategy and priorities, with clear targets for success. +

Business & Leadership Consulting:

Collaborate with senior business and technology leaders to understand short- and long-range business plans. Recommend security strategies and solutions that anticipate future changes in services, technologies, and client requirements, ensuring the security program stays ahead of the curve. +

Stakeholder Alignment & Adoption:

Work across global business and technology teams to build awareness on security initiatives. Rationalize and present recommendations to stakeholders and champion the security strategy across the organization. Drive organization-wide adoption of strategic security initiatives, resulting in consistent risk reduction and improved security posture. +

Program Evaluation & Improvement:

Analyze the Information Security program's operational effectiveness, processes, and stakeholder feedback. Identify areas for improvement and optimize processes to increase program effectiveness and agility, ensuring the security program remains a competitive advantage for the firm. +

Research & Trend Analysis:

Monitor and evaluate emerging security technologies, industry trends, and evolving threat landscapes. Determine how these developments could impact the firm and its security posture. Use these insights to proactively adapt and evolve the security strategy, so the program is prepared for future threats and business needs. +

Innovation & Initiative Planning:

Identify strategic opportunities for innovation within the security program. Plan and propose research initiatives or pilot projects to explore new security solutions, architectures, or processes that could strengthen the program. This includes developing business cases for new investments or approaches. + Early Engagement in

Technology Projects:

Partner with teams in Information Security, Enterprise Technology, and Client Technology. As new capabilities are conceived and adopted, work with these teams to develop approaches that address security and business needs from the outset. +

Executive Reporting & Guidance:

Support and guide senior executive decision-making. Prepare and present high-level analyses, strategic plans, and roadmaps to executive leadership. Provide clear recommendations for the adoption of new capabilities or approaches, backing them with data-driven insights and projections. +

Subject Matter Expertise and Education:

Serve as a subject matter expert in information security. Maintain a deep understanding of the firm's technology portfolio, security architecture, and the business operations of the firm, including how different service lines function. Use this expertise to educate business units on the Information Security program's strategic direction and to ensure security strategies are well understood and embraced across the organization. +

External Awareness & Partnership:

Build and maintain strong relationships with both internal and external partners to stay informed about potential strategic shifts in technology, security, and business operations. Leverage these relationships to inform the firm's security strategy and ensure that architecture, engineering, and operations teams are prepared for changes impacting the industry.

Required Qualifications & Skills:

+

Experience:

Minimum 10+ years of experience in roles involving strategy development, organizational change, or business process improvement, with a strong track record of driving business impact. At least 10 years of experience in Information Security or Information Technology domains, demonstrating increasing responsibility and breadth of scope. +

Education:

Bachelor's or Master's degree in Computer Science, Information Security, Information Technology, or a related field. An equivalent combination of education and experience will also be considered. +

Strategic Leadership:

Exceptional program leadership and stakeholder management skills. Proven ability to lead cross-functional initiatives in a global organization, aligning diverse teams (security, IT, and business) through influence and relationship-building rather than formal authority. +

Business Acumen:

Strong business acumen with the ability to understand the company's business model and industry (including consulting and audit/assurance services). Capable of translating business needs into security program requirements and articulating the value of security initiatives in business terms. +

Communication Skills:

Excellent communication and presentation skills. Able to effectively convey complex concepts and strategies to both technical teams and non-technical executive audiences. Advanced English writing skills are required for clear documentation and strategic plan writing. +

Technical Depth:

Broad and deep knowledge of information security domains and technologies - including cybersecurity architecture, risk management, identity and access management ( IAM ), incident response, and emerging threat mitigation techniques. Able to dive into technical details and also abstract them into high-level insights for decision-makers. +

Results Orientation:

Demonstrated track record of delivering results in complex, matrixed environments. Able to manage multiple high-priority initiatives simultaneously, meet deadlines, and drive projects to completion. Experience in driving adoption of new processes or capabilities across an organization is essential.

Preferred Qualifications:

+

Global/Enterprise Experience:

Experience working in a large multinational company, with exposure to global teams and an understanding of how to navigate a complex enterprise environment. Experience collaborating across different regions and time zones is a plus. +

Industry Knowledge:

Familiarity with professional services businesses, such as consulting or assurance (audit). Understanding the dynamics of a partnership or client-serving organization can help in aligning security strategies to such environments. +

Standards & Frameworks:

Knowledge of and experience with common information security frameworks and standards (e.g., ISO 27001/27002, NIST

CSF , CSA , CIS

Controls, etc.). +

Certifications:

Relevant security certifications are a plus, such as

CISSP , SABSA

, or other industry-recognized credentials, demonstrating a commitment to professional development and expertise in security strategy/architecture. +

Product Security Lifecycle:

Experience with product management or secure development lifecycle ( SDLC ) practices. For example, having worked on integrating security into the product or software development process. About the

Role:

In this role, the Global In To view full details and how to apply, please login or create a Job Seeker account