Global Information Security Strategy Lead

Key Responsibilities Strategic Program Development: Define and drive the development of long-term information security program strategies that support the firm’s business objectives. Ensure security goals, processes, and resources are aligned with overall corporate strategy and priorities, with clear targets for success. Business & Leadership Consulting: Collaborate with senior business and technology leaders to understand short‑ and long‑range business plans. Recommend security strategies and solutions that anticipate future changes in services, technologies, and client requirements, ensuring the security program stays ahead of the curve. Stakeholder Alignment & Adoption: Work across global business and technology teams to build awareness on security initiatives. Rationalize and present recommendations to stakeholders and champion the security strategy across the organization. Drive organization‑wide adoption of strategic security initiatives, resulting in consistent risk reduction and improved security posture. Program Evaluation & Improvement: Analyze the Information Security program’s operational effectiveness, processes, and stakeholder feedback. Identify areas for improvement and optimize processes to increase program effectiveness and agility, ensuring the security program remains a competitive advantage for the firm. Research & Trend Analysis: Monitor and evaluate emerging security technologies, industry trends, and evolving threat landscapes. Determine how these developments could impact the firm and its security posture. Use these insights to proactively adapt and evolve the security strategy, so the program is prepared for future threats and business needs. Innovation & Initiative Planning: Identify strategic opportunities for innovation within the security program. Plan and propose research initiatives or pilot projects to explore new security solutions, architectures, or processes that could strengthen the program. This includes developing business cases for new investments or approaches. Early Engagement in Technology Projects: Partner with teams in Information Security, Enterprise Technology, and Client Technology. As new capabilities are conceived and adopted, work with these teams to develop approaches that address security and business needs from the outset. Executive Reporting & Guidance: Support and guide senior executive decision‑making. Prepare and present high‑level analyses, strategic plans, and road‑maps to executive leadership. Provide clear recommendations for the adoption of new capabilities or approaches, backing them with data‑driven insights and projections. Subject Matter Expertise and Education: Serve as a subject matter expert in information security. Maintain a deep understanding of the firm’s technology portfolio, security architecture, and the business operations of the firm, including how different service lines function. Use this expertise to educate business units on the Information Security program’s strategic direction and to ensure security strategies are well understood and embraced across the organization. External Awareness & Partnership: Build and maintain strong relationships with both internal and external partners to stay informed about potential strategic shifts in technology, security, and business operations. Leverage these relationships to inform the firm’s security strategy and ensure that architecture, engineering, and operations teams are prepared for changes impacting the industry. Required Qualifications & Skills Experience: Minimum 10+ years of experience in roles involving strategy development, organizational change, or business process improvement, with a strong track record of driving business impact. At least 10 years of experience in Information Security or Information Technology domains, demonstrating increasing responsibility and breadth of scope. Education: Bachelor’s or Master’s degree in Computer Science, Information Security, Information Technology, or a related field. An equivalent combination of education and experience will also be considered. Strategic Leadership: Exceptional program leadership and stakeholder management skills. Proven ability to lead cross‑functional initiatives in a global organization, aligning diverse teams (security, IT, and business) through influence and relationship‑building rather than formal authority. Business Acumen: Strong business acumen with the ability to understand the company’s business model and industry (including consulting and audit/assurance services). Capable of translating business needs into security program requirements and articulating the value of security initiatives in business terms. Communication Skills: Excellent communication and presentation skills. Able to effectively convey complex concepts and strategies to both technical teams and non‑technical executive audiences. Advanced English writing skills are required for clear documentation and strategic plan writing. Technical Depth: Broad and deep knowledge of information security domains and technologies – including cybersecurity architecture, risk management, identity and access management (IAM), incident response, and emerging threat mitigation techniques. Able to dive into technical details and also abstract them into high‑level insights for decision‑makers. Results Orientation: Demonstrated track record of delivering results in complex, matrixed environments. Able to manage multiple high‑priority initiatives simultaneously, meet deadlines, and drive projects to completion. Experience in driving adoption of new processes or capabilities across an organization is essential. Preferred Qualifications Global/Enterprise Experience: Experience working in a large multinational company, with exposure to global teams and an understanding of how to navigate a complex enterprise environment. Experience collaborating across different regions and time zones is a plus. Industry Knowledge: Familiarity with professional services businesses, such as consulting or assurance (audit). Understanding the dynamics of a partnership or client‑serving organization can help in aligning security strategies to such environments. Standards & Frameworks: Knowledge of and experience with common information security frameworks and standards (ISO 27001/27002, NIST CSF, CSA, CIS Controls, etc.). Certifications: Relevant security certifications are a plus, such as CISSP, SABSA, or other industry‑recognized credentials, demonstrating a commitment to professional development and expertise in security strategy/architecture. Product Security Lifecycle: Experience with product management or secure development lifecycle (SDLC) practices. For example, having worked on integrating security into the product or software development process. About the Role In this role, the Global Information Security Strategist will join a high‑performing team dedicated to advancing the firm’s security posture in alignment with business goals. Success in this position means you will effectively bridge business strategy with deep cybersecurity insight, ensuring that the company not only defends against current and future threats but also enables secure innovation and growth. You will be expected to collaborate with a wide range of stakeholders and act as a change agent, guiding the organization toward a resilience‑focused, forward‑looking security program. This is a challenging and influential position, ideal for a strategic thinker with a passion for cybersecurity and the ability to drive organizational change. What we offer you We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $152,700 to $294,000. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $183,300 to $334,100. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team‑led and leader‑enabled hybrid model. Our expectation is for most people in external, client‑serving roles to work together in person 40‑60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well‑being. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1‑800‑EY‑HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at View email address on click.appcast.io. #J-18808-Ljbffr Ernst & Young Oman