ZipRecruiter

Log In

EY
EY

60 Ernst Young Security Risk Analyst Jobs Hiring Near You

RIT Solutions

Security Risk Analyst

Tampa, FL

Security Risk Analyst Location: Onsite at 55 Water Street, NYC Position Type: Long Term Contract / Potential several years with Right to Hire GRC focused Security role / Risk management, etc. Minimum ...

blueStone

Security/Risk Analyst

Appleton, WI

Great opportunity for a hands-on Sr. Security/Risk Analyst, an IT leader with ambition and drive to provide strategy, vision, communication, and direction regarding security risks to safeguard ...

next page

Showing results 1-20

All JobsErnst Young JobsErnst Young Security Risk Analyst Jobs

EY Jobs Information

Do workers at EY get paid breaks?

Sometimes. Only some people get paid breaks.
64% of people say they don’t get paid breaks.
Based on data from 11 people who took the Breakroom Quiz between January 2025 and December 2025.

Does EY pay people when they’re sick?

Yes. Most people get paid when they’re sick.
91% of people say they would get paid if they were sick but scheduled to work.
Based on data from 46 people who took the Breakroom Quiz between April 2025 and April 2026.

At EY, are sick days and vacation days separate paid time off?

Sick days and vacation days are separate paid time off.
69% of people say they don’t have to use vacation days when they’re out sick.
Based on data from 39 people who took the Breakroom Quiz between May 2025 and April 2026.

Is the health insurance from EY affordable enough for their workers?

Most people say the health insurance costs are okay.
95% of people say the health insurance costs are okay
Based on data from 43 people who took the Breakroom Quiz between April 2025 and April 2026.

Do people get paid time off at EY?

Most people get paid time off work.
91% of people say they get paid time off.
Based on data from 44 people who took the Breakroom Quiz between May 2025 and April 2026.

How far ahead of time do people find out their work schedule?

Most people find out their schedule less than four weeks ahead of time.
  • 36% of people with changing schedules find out their shifts one week or less ahead of time.
  • 21% of people with changing schedules find out their shifts two weeks ahead of time.
  • 14% of people with changing schedules find out their shifts three weeks ahead of time.
  • 29% of people with changing schedules find out their shifts four weeks or more ahead of time.

Based on data from 14 people who took the Breakroom Quiz between January 2025 and February 2026.

Do workers at EY worry about hours?

Most people don’t worry about getting enough hours.
100% of people report they don’t worry about getting enough hours.
Based on data from 24 people who took the Breakroom Quiz between January 2025 and April 2026.

Do EY workers get to choose the shifts they work?

Some people don’t get to choose which shifts they work.
63% report that they don’t have enough control over which shifts they work.
Based on data from 19 people who took the Breakroom Quiz between January 2025 and December 2025.

How easy is it for EY workers to change shifts?

Most people find it easy to change shifts.
83% of people report that it’s easy to change shifts if they need to.
Based on data from 23 people who took the Breakroom Quiz between January 2025 and April 2026.

How easy is it to get time off at EY?

Most people find it easy to get time off.
86% of people report it’s easy to get time off.
Based on data from 42 people who took the Breakroom Quiz between April 2025 and April 2026.

Do EY managers change schedules at the last minute?

Most managers don’t change people’s schedules at the last minute.
90% of people say their manager doesn’t change their shift schedule at the last minute.
Based on data from 31 people who took the Breakroom Quiz between January 2025 and April 2026.

Do jobs at EY spill into time workers aren’t paid for?

Sometimes. The job can spill into unpaid time.
47% of people report that their job takes up time that they don’t get paid for.
Based on data from 32 people who took the Breakroom Quiz between April 2025 and April 2026.

How easy is it to take sick days at EY?

Most people find it easy to take sick days.
95% of people report that it’s easy to take time off if they are sick.
Based on data from 44 people who took the Breakroom Quiz between April 2025 and April 2026.

Is working at EY good if you’re a parent or caregiver?

Most parents and caregivers say this is a good place to work.
100% of people who care for a child or other relative report this is a good place to work.
Based on data from 10 people who took the Breakroom Quiz between February 2025 and February 2026.

Do people at EY feel treated with respect by their managers?

Most people feel treated with respect by their managers.
93% of people say they’re treated with respect by their managers.
Based on data from 44 people who took the Breakroom Quiz between April 2025 and April 2026.

Do people at EY get to take their breaks without interruption?

Most people get breaks without interruption.
92% of people report that they get to take their breaks without interruption.
Based on data from 36 people who took the Breakroom Quiz between April 2025 and April 2026.

Is it stressful to work at EY?

Some people feel stressed out here.
67% of people say they often feel stressed out at work.
Based on data from 45 people who took the Breakroom Quiz between April 2025 and April 2026.

Do people at EY enjoy their jobs?

Most people enjoy their job.
86% of people report they enjoy their job.
Based on data from 36 people who took the Breakroom Quiz between May 2025 and April 2026.

Do people at EY recommend working with their team?

Only some people recommend working with their team.
34% of people report that they wouldn’t recommend working with their immediate team to a friend.
Based on data from 50 people who took the Breakroom Quiz between April 2025 and April 2026.

Do people get enough training when they start at EY?

Most people got enough training when they started.
82% of people report they got enough training when they started working here.
Based on data from 44 people who took the Breakroom Quiz between April 2025 and April 2026.

Do people get support to advance at EY?

Most people are given support to advance their career here.
In the last year, 93% of people report being given support to advance their career here.
Based on data from 43 people who took the Breakroom Quiz between May 2025 and April 2026.

Do people think EY’s headquarters understands what’s happening where they work?

Most people think headquarters understands what’s happening where they work.
57% of people think that this employer’s headquarters or owners have a good understanding of what’s really happening where they work.
Based on data from 40 people who took the Breakroom Quiz between May 2025 and April 2026.

Do workers feel well informed about how EY is doing?

Most people feel well informed about how the company is doing.
80% of people feel that they are kept well informed about how the company is doing as a whole.
Based on data from 45 people who took the Breakroom Quiz between April 2025 and April 2026.
What other companies are hiring for Security Risk Analyst jobs?
Security Risk Analyst

Security Risk Analyst

RIT Solutions

Tampa, FL

Contractor

Posted 2 days ago

Job description


Position: Security Risk Analyst
Location: Onsite at 55 Water Street, NYC
Position Type: Long Term Contract / Potential several years with Right to Hire
GRC focused Security role / Risk management, etc.
Minimum Qualifications: The EITS Security Risk Analyst will interface between the CISO's strategic and process-based activities and the work of the technology-focused analysts, engineers and administrators in the IT organization. The Security Risk Analyst must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. The Security Risk Analyst coordinates the IT organization's technical activities to implement and manage security.
The EITS Security Risk Analyst is part of the Enterprise Information Technology Services, Information Security and Risk Management team and will work at an enterprise level to ensure a consistent delivery of information security and risk management services. This individual will act as a subject matter expert to the assigned business units on matters regarding information security and compliance with HIPAA, Joint Commission, DSRIP, COBIT, and state privacy laws.
General Tasks and Responsibilities Will Include:
Support Information Security and Risk Management by maintaining and enforcing the Information Security and risk management framework/methodology, including execution of risk analysis and risk mitigation strategies.
Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the enterprise environment.
Exhibit best practice risk management skills through effective internal risk controls, risk monitoring, risk assessment and improvement of risk management processes.
Document and maintain the enterprise security risk governance methodology and risk management policy, process, and procedure.
Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
Organize and perform the enterprise security risk assessment and gap analysis for all technologies, products, and functions introduced, including maintaining risk project work plans to measure and manage progress.
Track and document all internal risk reviews, assessments, risk acceptances, and security exceptions in a GRC tool.
Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
Serve as the information security liaison and subject matter expert for all relevant EMR and PHI related security risk.
Conduct or participate in all relevant audits and risk assessment activities (whether operational risk, legal/compliance risk, reputational risk, or information security risk).
Aid in the planning and execution of risk remediation activities including the identification of practical, cost effective solutions.
Facilitate team meetings between stakeholders, project leaders, and the Information Technology teams.
Attend regular team, management, and project meetings and provide both verbal and written reports to the Leadership Team as required. This may include coordination with and support of an Operational Risk Committee.
Keep informed on current threats and industry regulations.
Knowledgeable In:
Healthcare industry experience required with understanding of EMR systems and data privacy issues related to PHI
Experience with reviewing IT solution requirements and security controls implementation
A strong understanding of the business impact of security tools, technologies and policies.
Knowledge and experience working with a GRC Software tool
Strong working knowledge of HIPAA, Joint Commission, CMS, and other regulatory legislation pertinent to the healthcare industry
Working knowledge of information security frameworks such as NIST CSF, HITECH, ISO27001/27002, PCI DSS and COBIT
Experience in conducting and responding to information security assessments and audits.
Strong analytical skills and the ability to resolve complex security vulnerabilities and design compensating controls
Other Preferred Skills:
Must possess a high degree of integrity and trust along with the ability to work independently
Participate in special projects as needed and perform other duties as assigned
Must be able to work independently as well as work as part of a fast-moving team
Must be able to work at various locations when necessary along with working various shifts
Educational Level:
A bachelor's degree in information systems
CISSP, CISA, CRISC or other relevant security qualification
Years Of Experience:
A minimum of seven years of IT experience, least 5 years dedicated to IT Security Risk Management, Risk Audit/Assessment, and/or Security and/or Data Privacy Investigation least two years in a supervisory capacity. Minimum Qualifications: The EITS Security Risk Analyst will interface between the CISO's strategic and process-based activities and the work of the technology-focused analysts, engineers and administrators in the IT organization. The Security Risk Analyst must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. The Security Risk Analyst coordinates the IT organization's technical activities to implement and manage security.
The EITS Security Risk Analyst is part of the Enterprise Information Technology Services, Information Security and Risk Management team and will work at an enterprise level to ensure a consistent delivery of information security and risk management services. This individual will act as a subject matter expert to the assigned business units on matters regarding information security and compliance with HIPAA, Joint Commission, DSRIP, COBIT, and state privacy laws.
General Tasks and Responsibilities Will Include:
Support Information Security and Risk Management by maintaining and enforcing the Information Security and risk management framework/methodology, including execution of risk analysis and risk mitigation strategies.
Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the enterprise environment.
Exhibit best practice risk management skills through effective internal risk controls, risk monitoring, risk assessment and improvement of risk management processes.
Document and maintain the enterprise security risk governance methodology and risk management policy, process, and procedure.
Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
Organize and perform the enterprise security risk assessment and gap analysis for all technologies, products, and functions introduced, including maintaining risk project work plans to measure and manage progress.
Track and document all internal risk reviews, assessments, risk acceptances, and security exceptions in a GRC tool.
Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
Serve as the information security liaison and subject matter expert for all relevant EMR and PHI related security risk.
Conduct or participate in all relevant audits and risk assessment activities (whether operational risk, legal/compliance risk, reputational risk, or information security risk).
Aid in the planning and execution of risk remediation activities including the identification of practical, cost effective solutions.
Facilitate team meetings between stakeholders, project leaders, and the Information Technology teams.
Attend regular team, management, and project meetings and provide both verbal and written reports to the Leadership Team as required. This may include coordination with and support of an Operational Risk Committee.
Keep informed on current threats and industry regulations.
Knowledgeable In:
Healthcare industry experience required with understanding of EMR systems and data privacy issues related to PHI
Experience with reviewing IT solution requirements and security controls implementation
A strong understanding of the business impact of security tools, technologies and policies.
Knowledge and experience working with a GRC Software tool
Strong working knowledge of HIPAA, Joint Commission, CMS, and other regulatory legislation pertinent to the healthcare industry
Working knowledge of information security frameworks such as NIST CSF, HITECH, ISO27001/27002, PCI DSS and COBIT
Experience in conducting and responding to information security assessments and audits.
Strong analytical skills and the ability to resolve complex security vulnerabilities and design compensating controls
Other Preferred Skills:
Must possess a high degree of integrity and trust along with the ability to work independently
Participate in special projects as needed and perform other duties as assigned
Must be able to work independently as well as work as part of a fast-moving team
Must be able to work at various locations when necessary along with working various shifts
Educational Level:
A bachelor's degree in information systems
CISSP, CISA, CRISC or other relevant security qualification
Years Of Experience:
A minimum of seven years of IT experience, least 5 years dedicated to IT Security Risk Management, Risk Audit/Assessment, and/or Security and/or Data Privacy Investigation least two years in a supervisory capacity.

Apply