Region Security Manager - Assistant Director in Charlotte, NC

$200K - $250K(Ladders Estimates)

Ernst & Young   •  

Charlotte, NC 28202

Industry: Legal & Accounting

  •  

11 - 15 years

Posted 36 days ago

This job is no longer available.

Job Summary:

EY Global Security promotes a safe and secure working environment at EY's offices and client sites. The Region Security Manager will play a key role in driving the regional implementation of Global Security policies and guidance and will develop and mature key elements of core Global Security disciplines consistent with local threats and risks. This person will work with Region Leadership, Global Security and Global/Area/Region Risk Management subject matter experts on security and risk issues.

Essential Functions of the Job:

Working with the Region Managing Partner, Region Director of Administration and Global Security, the role will entail involvement with, but not limited to, the following activities:

Planning and Policy

To understand and assist in the implementation of EY's Global Security Policy. This will include security operations, threat and riskmonitoring, business continuity management (emergency preparedness and response planning, business continuity planning), physical security,asset protection (insider threat), travel security, and executive and meeting protection.

Business Continuity Management (BCM)

Emergency response plan and procedures must be developed at office location level and must include at a minimum:

· Assigned crisis management team (CMT) and alternates, with agreed responsibilities

· Notification and escalation tool and procedures (including full implementation of EY's mass notification tool)

· Published list of immediate and subsequent actions to manage an emergency

· Procedures for communicating in advance of, during, and after an emergency to EY people and families, clients, stakeholders, media

· Greater specificity of planning and strength of resilience, where there is elevated threat and/or risk exposure

· Coordination with landlord's and local emergency responders' plans

· Regular training and exercise to prepare the CMT to respond effectively to a crisis situation (including test of the mass notification tool, once implemented)

· Annual plan maintenance process to routinely update plans to reflect the changes in staffing and logistics

Business continuity plans and procedures must be developed on an office, country or Region level (as appropriate for the geographical size under consideration - scope of plans should be devised in coordination with Global Security) and must include at a minimum:

· Assigned Business Continuity Plan (BCP) management team, and alternates with agreed upon responsibilities

· Notification and escalation procedures

· Process for identifying critical functions and requirements through a business impact analysis

· Process for prioritizing clients and client service commitments/responsibilities

· Published list of immediate and subsequent actions to manage a business interruption

· Arrangements and recovery procedures to meet critical requirements in established timescales

· Development of and reference to or inclusion of the pandemic plan and any related infectious disease plan(s)

· Confirmation of business continuity plans in place, meeting EY's recovery requirements, with critical local suppliers and service providers

· A method for monitoring and tracking disaster related expenses sufficient to document continuity insurance claims

· Annual training and exercise to prepare the BCP team to recover effectively in a disaster situation

· Annual plan maintenance process to routinely update plans to reflect the changes in staffing and processes

Physical Security

To safeguard people and physical assets at EY offices physical security implementation must include at a minimum:

§ Formal written documentation of all existing controls

§ When considering new office space, a review of risk and threats present in and around the site and what controls the landlord is offering to offset these threats and risks

§ Controls to manage access to EY Facilities

§ Controls to ensure access system permits only authorized persons into EY space

§ Controls to create an audit trail for access to and movement within EY offices

§ Controls to limit access to sensitive areas (data rooms, records centers) to those with a business need

§ Management of security data in compliance with applicable laws, regulations and privacy policy

§ Controls to manage visitors access and use of EY facility

§ Controls to allow temporary access to EY facilities for visiting EY personnel and local EY personnel who have forgotten their security credentials

· Controls to manage vendors (e.g. cleaning staff, repair people, building maintenance) and other non EY people who need access to EY space

· Technical or manual controls to make certain that office perimeter and sensitive access doors are operating correctly

§ Controls to safely manage inbound and outbound mail and packages

§ Controls to ensure handling of personally identifiable information is consistent with relevant EY Privacy polices

Asset Protection

Asset Protection implementation must include at a minimum:

· Prevention, detection, and response to insider threats (as defined through the EY Insider threat program)

· Asset protection processes and reporting protocols

Travel Security

Travel Security discipline includes, at a minimum:

· Use of EY's travel compliance process for travel to the extreme risk destinations. The compliance process must be initiated as soon as the potential travel is anticipated, to prevent negative impact from any unknown delays that may result

· Coordination with Region travel services providers and use, coordination and implementation of travel security tools

Executive and Meeting Protection

Protection of EY's Executives and meetings must include, at a minimum:

· Identification of EY Executives warranting protections enumerated within this security discipline

· Provision of extraordinary support in extreme/high risk destinations as warranted

· Threat and risk assessment for meetings reflecting:

· The status or public interest of external speakers and attendees

· Other events taking place at the same time, either at the venue, or in the vicinity

· Capabilities of existing in-house security arrangements

· Procedures to protect sensitive discussions/documentation (spoken, electronic and hard copy)

· Confirmation of appropriate conference/hotel facility emergency preparations

· Pre-identification of local emergency services (fire, police, medical)

Security Operations

Security Operations requirements for the Region include:

· Participation in compliance process as related to any or all security disciplines

· Communication of awareness material across the Region

· Reporting on completion status of the implementations referred to in any of the security disciplines

· Support and participation in any cross-functional security initiatives, as applicable to the Region

· Conduct threat assessments

· Work with local, state and federal law enforcement agencies to resolve issues such as missing persons, theft, threats against the Firm's workforce, brand, locations, or assets.

· Ability to communicate with executive leadership

· Coordinate with Enterprise Support Services (ESS), Talent Team, EY Assist, General Counsel Office (GCO) and other business units as necessary to identify and document existing security practices, and recommend revisions

· Facilitate training for Active Shooter and workplace violence threats

· Must have 24/7 availability in the event of emergency events requiring immediate response, either telephonically or in person as appropriate and the capability to cover other Regional Security Managers during their off or away time.

· Working knowledge of RFP and contract preparation

Analytical Responsibilities:

Individual will be responsible for collaborating within the Region Managing Partner, Region Director of Administration, EY's Global Securityteam and with other functions to further strengthen EY's internal and external security. To accomplish this, it will be important for this role to analyse the business environment, geographical variations, security requirements and stakeholder expectations.

Supervision Responsibilities:

Individual must be a self-starter, capable of readily managing and switching between multiple tasks and working with minimalsupervision. Given the nature of the role, flexibility in schedule is required. The role currently does not contemplate any significant directsupervision of others, however, may play a supervisory role over some internal/external contractors engaged to support Security activities.


Certification Requirements:

The following certifications/training while not mandatory, will enhance the overall qualifications of the candidate:

· A recognized security/business continuity qualification (such as CPP, PSP, CBCI, CSyP, CBCP/MBCP);

· Graduation from the FBI National Academy or similar level police command leadership curriculum;

· Formalized experience in conducting threat assessments related to workplace violence or protection of people/assets, active shooter training and/or curriculum development.


Valid Through: 2019-10-11