Global Data Risk Controls Program Leader

Location: London

Other locations: Primary Location Only

Date: 13 Jan 2026

Requisition ID: 1672461

The Global Data Risk Controls Program Leader is the principle point of leadership and direction for a unifying Global Risk and Control Framework for data risk across EY. This lies at the heart of our governance model for data risk, connecting cross-functional initiatives across our global teams to build a culture of effective data risk management for all EY.

The landscape of data risks to consider is vast – from spanning the lifecycle of data from collection & creation, through to retention & disposition; Covering regulatory, contractual and ethical requirements; Considering how data is used and re-used, with effective governance and world class protection and security; Ultimately our data is powering our journey to become the world’s most trusted AI-powered professional services organization. Managing risk across this dynamic environment is central to maintaining trust and confidence – from our Clients, our Member Firms & Service Lines, our regulators and our people.

The Global Data Risk Controls Program Leader is an experienced Risk Management or Data Protection professional at EY with knowledge and curiosity for the canvas of data, technology, security and innovation risk, and excellent connections to cross-functional leaders within global functions. Confident to operate on a dynamic risk landscape to create and manage a consistent and globally applicable framework for data risks and controls within global functions, Member Firms and across Service Lines. Empowering and enabling the First LoD, the Data Risk Program Leader is a strong communicator, natural collaborator and is adept at managing a portfolio of multi-stakeholder activity.

The Global Data Risk – Controls Program Leader will

• Maintain and transform a dynamic Global Risk and Control framework for data risks –the foundation for all data governance activities within EY.
• Link to and mature the use of this framework for control monitoring and testing across a variety of contexts.
• Leverage advanced control mapping techniques to identify, assess, and mitigate risks proactively, ensuring that controls are optimally aligned with evolving regulatory and business requirements.
• Establish and mature the use of this matrix for control testing for all client engagements via Global Compliance Engagement Testing (GCET).
• Establish and mature the use of this matrix for control testing for Data Risks in AI development and deployment in conjunction with Global Innovation Risk Management.
• Drive the automation of control testing processes to increase efficiency, accuracy, and scalability in monitoring data risk controls across the organization.
• Define baseline and elevated levels of controls for handling client information to support the Data Protection and Confidentiality Global Policy objectives.
• Utilize technology solutions to streamline the identification of control gaps and enable reporting and remediation tracking.
• Update and maintain control descriptors in line with the Data Protection and Confidentiality Global Policy and supplementary guidance.
• Create and deploy global training for all required Data Risk controls.
• Create and deploy global awareness for all required Data Risk controls.
• Development of this framework requires active engagement and influence of global leaders within Service Lines, Risk, GCO and Compliance functions, in addition to effective communication and deployment to Regional Leadership teams.
• Articulate future strategies to identify and evaluate data risks at a Regional and local level and develop business cases accordingly.
• Articulate future strategies to evaluate and monitor the presence and effectiveness of controls and data risk mitigation activities. Maintain a control content repository, a test script library, and dashboards for KRIs/trends; progressively automate evidence collection and control checks.
• Coordinate and shape global data risk appetite, strategy, prioritization and delivery to ensure data risk approaches continue to mature across EY.
• Maintain effective collaborative relationships with allied functions including GCO, Information Security, Technology, and Risk.

• Experienced professional in the delivery of risk and compliance for Data Protection, Data Governance, or Information Security – combined with a desire to learn more about the aligned and emerging risks that connect these functions.
• An understanding of data-impacting regulatory frameworks and their implementation.
• Proven track record of delivery, leading programs that are cross‑functional and cross‑border.
• Confident communication and collaboration skills across Service Lines, Member Firms, and global enablers (RM, SLQ, DSO, Information Security, Technology, GCO), with the ability to influence leadership teams, manage multi stakeholder portfolios, and drive aligned goals.
• Professional curiosity to explore a complex and dynamic risk landscape.
• Organization, prioritization and agility to respond in operational or project roles.

At EY,we’lldevelop you with future‑focused skills and equip you with world‑class experiences.We’llempower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learnmore .

Are you ready to shape your future with confidence? Apply today.

To help create an equitableand inclusive experience during the recruitment process, please inform us as soon as possible about any disability-related adjustments or accommodations you may need.

EY | Building a better working world