Job Details

Data Protection and Privacy - Assistant Director (Data Risk Manager)

Location: Anywhere in Country

At EY, we're all in to shape your future with confidence. We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.

Opportunity

We are operating in an increasingly connected world that is changing how to manage risk. With fast‑paced technology advancements, new innovations within emerging technologies, and an ever‑challenging regulatory environment, it is business critical for our organization to not only identify the risks, but also the opportunities these present. As a Data Risk Manager, you will make educated, thoughtful decisions on Risk Management. Our brand depends on it. It's all part of our long‑term commitment to building a better working world and in return, you can expect plenty of opportunities to take on new responsibilities and develop your career.

Key Responsibilities

• Assist in the development, implementation, and monitoring of activities within the Data Protection program.
• Manage the firm's confidential and personal information inventory and data subject rights (DSR) request process.
• Investigate and address data incidents (loss, theft, and inappropriate disclosure or use of confidential/personal information) in accordance with EY's policies and procedures.
• Serve as the primary point of contact for EY client‑serving teams and coordinate incident response, data inventory management, and DSRs with Legal, IT, Investigations, and Executive Leadership functions.
• Interpret data protection and privacy laws and policies, determine required actions for standard and non‑standard situations, and make recommendations based on firm guidance, professional standards, and acquired experience.
• Coordinate and report various Data Protection activities to stakeholders and interact with executive‑level personnel.
• Maintain EY confidential and personal information inventory and fulfill data protection regulatory requirements (e.g., Records of Processing Activities).
• Respond to data subject rights (DSR) and internal data access requests in accordance with applicable legal requirements and EY policies.
• Document, conduct, and assist with investigations of data incidents; collaborate with clients, internal functions, and EY service lines to understand root cause, assess impact, and develop remediation plans.
• Collaborate with EY Information Security functions to design and implement controls (e.g., data loss prevention, insider threat detection) to protect confidential and personal information.
• Develop, drive, and execute strategy to continuously build out the Data Risk Management function to align with industry‑leading practices and regulatory requirements.
• Track and analyze new and/or revised applicable data protection laws, regulations, and standards (e.g., CPRA, VCDPA, HIPAA).
• Develop and maintain EY U.S. data protection policies, guidance, training, and awareness communication plans.
• Interact with various stakeholders and functions across the organization, including Information Security, Risk Management, General Counsel's Office (GCO), Service Line Quality, Talent, and client‑serving teams.
• Assist in reporting on Data Protection program activities to key stakeholders within the organization, including senior leaders within EY Service Line Quality, GCO, Risk Management, and other functions.
• Maintain and expand current knowledge of the field of expertise and communicate new developments and resulting impact to program stakeholders and team members.
• Participate in other ad‑hoc projects as assigned.

Skills and Attributes for Success

• Strong verbal and written communication skills and the ability to interface effectively and diplomatically with all levels of EY personnel.
• Solid understanding of relevant firm business and area‑wide data protection issues and concerns.
• Strong project management and problem‑solving skills.
• Strong investigative mindset with the ability to quickly assess situations and determine impact.
• Proven ability to lead under pressure.
• Flexibility and initiative.
• Independent decision‑making skills and discretion on when to seek senior support.
• Ability to right‑size risk.
• High degree of cultural and emotional intelligence.
• Ability to deliver tough messages to executive leaders within the firm.
• Excellent organizational skills and the ability to handle multiple tasks and meet deadlines in a fast‑paced environment.
• Ability to train and supervise local or virtual teams, including junior Data Protection team members and other operational teams.
• Foster teamwork and maintain effective working relationships with internal clients/stakeholders.
• Responsive with the ability to manage high workload volumes efficiently and effectively.
• Good working knowledge of information systems and common software packages.
• Experience with data protection technologies (e.g., Data Loss Prevention).
• Bachelor's degree or equivalent work experience; Graduate degree preferred.
• 4‑6+ years related experience.

Qualifications (Ideal)

• Reference existing firm data protection and privacy policies and provide solutions for complex situations.
• Strong knowledge of global, national, and local data protection laws, regulations, and standards.
• Sound understanding of high‑level technology trends and issues surrounding data protection.
• Privacy certification from ISACA or the International Association of Privacy Professionals (CIPP, CIPM, CDPSE).

What We Offer

• A comprehensive compensation and benefits package. Base salary range for this role in all geographic locations in the U.S. is $111,100 to $207,800, with higher ranges for New York City Metro Area, Washington State, and California (excluding Sacramento). Total Rewards includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
• Our hybrid model expects you to work in person 40‑60% of the time over the course of a project or year.
• Flexible vacation policy—choose how much vacation time you need based on your personal circumstances.
• Designated EY Paid Holidays, winter/summer breaks, personal/family care, and other leaves of absence to support your well‑being.

Apply Today

EY accepts applications for this position on an ongoing basis.

EY focuses on high‑ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.

EY is committed to providing reasonable accommodation to qualified individuals with disabilities. If you have a disability, please contact 1‑800‑EY‑HELP3 for assistance during the application process.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity, pregnancy, protected veteran status, or disability status, in accordance with applicable law.

EEO Statement

We are an equal opportunity employer. All qualified applicants will receive consideration for employment without discrimination based on protected factors. We are committed to ensuring a diverse and inclusive workplace.