Manager; Senior Executive; Cyber Strategy and Execution - EY Parthenon

Manager (Senior Executive) (Cyber) Strategy and Execution – EY Parthenon

2 days ago – Be among the first 25 applicants

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.

Manager (Senior Executive) (Cyber) Strategy and Execution – EY Parthenon

EY’s market‑leading Strategy and Execution (S&E) team provides technology & operations advice to corporate and private equity firms who intend to acquire, divest, or restructure businesses. The team comprises advisors with specialist commercial, operations, IT, cyber and deal‑transaction experience from industry, advisory and audit backgrounds.

We are seeking to expand our team by recruiting a manager to work in our Transactions team, supporting the delivery of cyber due diligence projects for a range of clients, including private equity and corporate. You will demonstrate a strong background in cyber risk management and privacy with experience drawn from consulting or in‑house information security/cyber practice.

As a manager you will manage small delivery teams, advise clients on cyber due diligence, analyse company data, conduct outside‑in research, evaluate cyber risk impact on potential investments or divestments, recommend and cost solutions, and help clients understand what must be done if the transaction closes.

• Strong desire to work in M&A across the transaction lifecycle, predominantly in the pre‑deal/diligence phase.
• Knowledge and experience of recognised cyber standards and frameworks such as ISO
  27001, NIST CSF, CIS Controls, Cyber Essentials, PCI.
• Familiarity with current and emerging regulations such as EU GDPR, EU AI Act, and NIS 2, and the ability to conduct gap assessments and define impact to the transaction.
• Understanding of key concepts such as privacy and security by design, secure coding especially in software/product development.
• Ability to design an operating model for managing cyber risk and privacy, optimised for effectiveness and value.
• Effective at leading projects or significant work streams with little to no support.
• Produces complete, error‑free deliverables (data books, reports, non‑branded deliverables, blueprints, Day 1 plans, board packs, workshop content).
• Supports Engagement Leaders in identifying, scoping, closing opportunities – both current and new.
• Demonstrates strong client influence and relationship management, effectively prioritising team efforts based on client needs.

• Proven experience and ability to communicate with clarity and impact to senior stakeholders – e.g., leading large projects with senior visibility or presenting technical topics to non‑technical audiences.
• Stakeholder management – collaborate with company management teams and other stakeholders to align on value creation objectives and strategies.
• History of successful project delivery in corporate businesses, responsible for managing project team members and vendors; broad cyber experience covering risk management, cyber controls, standards, resilience, and response.
• Professional services / consulting experience within transactions: due diligence, value creation, carve‑out or integrations.
• Deep understanding of one or more core aspects of a cyber function (e.g., governance, risk, and compliance, CISO, App Sec, compliance, privacy).
• Deep knowledge of cyber governance and risk controls within businesses and how this can support and safeguard business operations.

• Experience supporting sales and business development for professional services in a large‑scale consulting environment.
• Experience providing cyber and privacy advice to senior stakeholders; transactions/M&A experience advantageous.
• Ability to design a roadmap to optimise performance within financial/budgetary limits.
• High‑level understanding of secure development of applications throughout the SDLC.
• Understanding of how private equity firms are structured to buy and sell assets in their portfolio.
• Cyber or privacy certification such as CISSP, CISM, CIPP/E,…