Global Information Security Strategist

About The Position

Requirements

• Minimum 10+ years of experience in roles involving strategy development, organizational change, or business process improvement, with a strong track record of driving business impact.
• At least 10 years of experience in Information Security or Information Technology domains, demonstrating increasing responsibility and breadth of scope.
• Bachelor’s or Master’s degree in Computer Science, Information Security, Information Technology, or a related field. An equivalent combination of education and experience will also be considered.
• Exceptional program leadership and stakeholder management skills.
• Proven ability to lead cross-functional initiatives in a global organization, aligning diverse teams (security, IT, and business) through influence and relationship-building rather than formal authority.
• Strong business acumen with the ability to understand the company’s business model and industry (including consulting and audit/assurance services).
• Capable of translating business needs into security program requirements and articulating the value of security initiatives in business terms.
• Excellent communication and presentation skills.
• Able to effectively convey complex concepts and strategies to both technical teams and non-technical executive audiences.
• Advanced English writing skills are required for clear documentation and strategic plan writing.
• Broad and deep knowledge of information security domains and technologies – including cybersecurity architecture, risk management, identity and access management (IAM), incident response, and emerging threat mitigation techniques.
• Able to dive into technical details and also abstract them into high-level insights for decision-makers.
• Demonstrated track record of delivering results in complex, matrixed environments.
• Able to manage multiple high-priority initiatives simultaneously, meet deadlines, and drive projects to completion.
• Experience in driving adoption of new processes or capabilities across an organization is essential.

Nice To Haves

• Experience working in a large multinational company, with exposure to global teams and an understanding of how to navigate a complex enterprise environment.
• Experience collaborating across different regions and time zones is a plus.
• Familiarity with professional services businesses, such as consulting or assurance (audit). Understanding the dynamics of a partnership or client-serving organization can help in aligning security strategies to such environments.
• Knowledge of and experience with common information security frameworks and standards (e.g., ISO 27001/27002, NIST CSF, CSA, CIS Controls, etc.).
• Relevant security certifications are a plus, such as CISSP, SABSA, or other industry-recognized credentials, demonstrating a commitment to professional development and expertise in security strategy/architecture.
• Experience with product management or secure development lifecycle (SDLC) practices. For example, having worked on integrating security into the product or software development process.

Responsibilities

• Define and drive the development of long-term information security program strategies that support the firm’s business objectives.
• Ensure security goals, processes, and resources are aligned with overall corporate strategy and priorities, with clear targets for success.
• Collaborate with senior business and technology leaders to understand short- and long-range business plans.
• Recommend security strategies and solutions that anticipate future changes in services, technologies, and client requirements, ensuring the security program stays ahead of the curve.
• Work across global business and technology teams to build awareness on security initiatives.
• Rationalize and present recommendations to stakeholders and champion the security strategy across the organization.
• Drive organization-wide adoption of strategic security initiatives, resulting in consistent risk reduction and improved security posture.
• Analyze the Information Security program’s operational effectiveness, processes, and stakeholder feedback.
• Identify areas for improvement and optimize processes to increase program effectiveness and agility, ensuring the security program remains a competitive advantage for the firm.
• Monitor and evaluate emerging security technologies, industry trends, and evolving threat landscapes.
• Determine how these developments could impact the firm and its security posture.
• Use these insights to proactively adapt and evolve the security strategy, so the program is prepared for future threats and business needs.
• Identify strategic opportunities for innovation within the security program.
• Plan and propose research initiatives or pilot projects to explore new security solutions, architectures, or processes that could strengthen the program.
• Develop business cases for new investments or approaches.
• Partner with teams in Information Security, Enterprise Technology, and Client Technology.
• As new capabilities are conceived and adopted, work with these teams to develop approaches that address security and business needs from the outset.
• Support and guide senior executive decision-making.
• Prepare and present high-level analyses, strategic plans, and roadmaps to executive leadership.
• Provide clear recommendations for the adoption of new capabilities or approaches, backing them with data-driven insights and projections.
• Serve as a subject matter expert in information security.
• Maintain a deep understanding of the firm’s technology portfolio, security architecture, and the business operations of the firm, including how different service lines function.
• Use this expertise to educate business units on the Information Security program’s strategic direction and to ensure security strategies are well understood and embraced across the organization.
• Build and maintain strong relationships with both internal and external partners to stay informed about potential strategic shifts in technology, security, and business operations.
• Leverage these relationships to inform the firm’s security strategy and ensure that architecture, engineering, and operations teams are prepared for changes impacting the industry.

Benefits

• Comprehensive compensation and benefits package
• Medical and dental coverage
• Pension and 401(k) plans
• Wide range of paid time off options
• Flexible vacation policy
• Designated EY Paid Holidays
• Winter/Summer breaks
• Personal/Family Care
• Other leaves of absence when needed