At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

The opportunity

Join EY's dynamic Cybersecurity practice and take a key role in our Cyber Risk & Resilience team, delivering high-impact assessment services across the Industrials and Energy sectors in Canada. In this role, you will oversee and deliver IT and OT cybersecurity risk management offerings, continuously refining our portfolio to ensure they align with evolving industry needs. This is an excellent opportunity for someone passionate about delivering high-quality risk management services while helping shape innovative solutions for the future of cybersecurity.

You will manage client engagements, support business development efforts, and foster strategic alliances with key partners. Additionally, you will explore new areas, including capital projects and M&A, to expand the scope of traditional cybersecurity assessments. We're seeking a leader who strives for excellence in every assessment, understanding that strong assessments are fundamental to effective cyber risk management.

Your key responsibilities

Client Engagement and Risk Assessment Delivery

• Lead IT and OT cybersecurity risk assessments across the Industrials and Energy sectors, ensuring tailored, high-quality solutions that address clients' specific needs.
• Act as a key point of contact for clients, managing relationships and ensuring that projects meet expectations and deliver value.
• Continuously enhance assessment methodologies to reflect best practices and drive meaningful improvements for clients.

Innovation and Offering Development

• Contribute to the development of new cybersecurity assessment offerings by leveraging emerging technologies and fostering innovation.
• Collaborate with strategic partners, including insurance companies, to create new solutions that expand the value of our risk assessments.
• Explore non-traditional areas, such as capital projects and M&A, to broaden the scope of our cybersecurity assessment services.

Business Development and Growth

• Identify and pursue new business opportunities within the Industrials and Energy sectors, helping to expand EY's market presence.
• Collaborate with leadership on go-to-market strategies and proposal development, positioning EY as a leader in cybersecurity risk management.
• Support the achievement of business development goals by building and maintaining strong client relationships.

Leadership and Team Development

• Lead a team of professionals dedicated to delivering high-quality cybersecurity risk assessments, fostering a culture of excellence and continuous improvement.
• Provide mentorship and guidance to team members, encouraging professional growth and collaboration.
• Contribute to the overall development of the practice by sharing insights and best practices, ensuring we stay ahead of industry trends.

Strategic Alliances and Thought Leadership

• Build and nurture relationships with strategic partners, such as insurance providers and technology vendors, to enhance our service offerings.
• Represent EY as a thought leader by contributing to industry forums, publications, and panels, driving discussions on emerging trends in cybersecurity.
• Collaborate with internal and external stakeholders to bring fresh, innovative perspectives to traditional assessment methods.

Skills and attributes for success

Consulting and Leadership Experience

• Proven experience leading cybersecurity risk assessments, particularly in IT and OT environments within the Industrials and Energy sectors.
• Strong client management skills with a demonstrated ability to navigate complex client environments and deliver high-value outcomes.
• Experience managing multi-disciplinary teams to ensure timely, high-quality delivery of projects.

Cybersecurity Expertise

• In-depth knowledge of cybersecurity frameworks and standards (e.g., NIST, IEC 62443) relevant to IT and OT security.
• Expertise in developing and enhancing cybersecurity risk assessment methodologies.
• Familiarity with emerging technologies and cybersecurity trends, with a focus on innovation and continuous improvement.

Industry Expertise

• Strong understanding of the cybersecurity challenges facing Industrials and Energy companies, including IT/OT convergence, regulatory compliance, and operational resilience.
• Proven track record of delivering risk assessments tailored to the specific needs of these sectors.

Business Development

• A successful track record in identifying and developing new business opportunities.
• Experience leading proposals, responding to RFPs, and drafting Statements of Work (SOWs) that clearly define project scope and deliverables.
• Commitment to building long-lasting client relationships and expanding service offerings.

Innovation and Growth Mindset

• A proactive and innovative mindset, always looking for ways to enhance service offerings and deliver better outcomes for clients.
• Experience collaborating with external partners to co-create solutions and expand the cybersecurity risk assessment market.
• Strong interest in contributing to the continuous growth and development of the practice.

To qualify for the role you must have

• Experience: 5+ years of experience in internal audit, or cybersecurity risk assessment with at least 3 years doing both.
• Proven experience with NIST Cyber Security Framework, NERC CIP, or CSA N290.7 Standard;
• Education: Bachelor's degree in cybersecurity, information technology, business administration, or a related field. Advanced degrees are a plus.
• Strong leadership and team management skills.
• Deep understanding of IA processes, particularly in the context of IT/OT cybersecurity.
• Excellent communication and client relationship management abilities.
• Proven ability to manage complex projects and deliver high-quality results.
• Strategic thinking with a focus on innovation and continuous improvement.
  

Ideally, you'll also have

• Experience in IT/OT environments is highly desirable.
• Desired Certifications:
• Internal Audit Certifications:
• Certified Internal Auditor (CIA)
• Certified Information Systems Auditor (CISA)
• Certification in Risk Management Assurance (CRMA)
• Cybersecurity Certifications:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)

What we look for

We're interested in intellectually curious people with a passion for cybersecurity and a desire to grow their skills as part of a diverse and engaged team of OT cybersecurity professionals.

What we offer

At EY, our Total Rewards package supports our commitment to creating a leading people culture - built on high-performance teaming - where everyone can achieve their potential and contribute to building a better working world for our people, our clients and our communities. It's one of the many reasons we repeatedly win awards for being a great place to work.

We offer a competitive compensation package where you'll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package allows you to decide which benefits are right for you and which ones help you create a solid foundation for your future. Our Total Rewards package includes a comprehensive medical, prescription drug and dental coverage, a defined contribution pension plan, a great vacation policy plus firm paid days that allow you to enjoy longer long weekends throughout the year, statutory holidays and paid personal days (based on province of residence), and a range of exciting programs and benefits designed to support your physical, financial and social well-being. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that's right for you

Diversity and Inclusion at EY

Diversity and inclusiveness are at the heart of who we are and how we work. We're committed to fostering an environment where differences are valued, policies and practices are equitable, and our people feel a sense of belonging. We embrace diversity and are committed to combating systemic racism, advancing gender equity and women in leadership, advocating for the 2SLGBTQIA+ community, promoting our neuroinclusion and accessibility initiatives, and are dedicated to amplifying the voices of Indigenous peoples (First Nations, Inuit, and Métis) nationally as we strive towards reconciliation. Our diverse experiences, abilities, backgrounds, and perspectives make our people unique and help guide us. Because when people feel free to be their authentic selves at work, they bring their best and are empowered to build a better working world.

EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.