EY

Quality - Senior Manger

EY  •  Bengaluru, IN (Onsite)  •  3 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

Contract Risk Lead

Function: Delivery Excellence, Quality and Risk Management at GDS consulting

Job level: Associate Director / Senior Manager

The Contract Risk Lead is responsible for assessing, governing, and monitoring contractual, regulatory, privacy, security, operational, AI, and delivery risks associated with GDS-supported engagements. The role ensures that contract obligations, regulatory requirements, client-specific commitments, and internal risk policies are understood, operationalized, and continuously monitored throughout the engagement lifecycle.

The individual will partner with Legal, Quality & Risk Management, Data Privacy, Information Security, Delivery Excellence, ODC, AI Governance, and Engagement teams to proactively identify risks, provide mitigation guidance, and support predictable, compliant delivery.

Key Responsibilities

Contract Risk Assessment & Governance

  • Review Statements of Work (SOWs), MSAs, Change Requests, Service Agreements, and subcontractor agreements.
  • Identify contractual obligations that may impact delivery, security, privacy, staffing, geography, subcontracting, hosting, AI usage, or operational processes.
  • Translate contractual requirements into actionable delivery controls and compliance obligations.
  • Maintain a repository of contract risk clauses, deviations, exceptions, and mitigation actions.
  • Provide risk sign-offs and recommendations for complex or high-risk engagements.

Data Privacy & Regulatory Compliance

  • Assess contracts for privacy and data protection obligations.
  • Evaluate applicability of:
    • GDPR
    • UK GDPR
    • EU AI Act
    • Digital Operational Resilience Act (DORA)
    • Local country privacy regulations
    • Sector-specific regulations (Financial Services, Healthcare, Public Sector, etc.)
  • Ensure compliance requirements are incorporated into delivery plans.
  • Support privacy impact assessments and data processing reviews.
  • Review cross-border data transfer requirements and restrictions.

AI Risk & Responsible AI Compliance

  • Assess contractual requirements related to AI, GenAI, Machine Learning, Automation, and Data Usage.
  • Identify AI-related obligations including:
    • Transparency requirements
    • Model governance requirements
    • Human oversight requirements
    • Data governance obligations
    • AI security controls
    • AI auditability requirements
  • Partner with AI governance teams to assess compliance with emerging AI regulations and client mandates.
  • Review third-party AI tool usage and associated contractual restrictions.

Information Security & Data Protection

  • Evaluate engagement compliance with:
    • Information Security policies
    • Client security requirements
    • Data handling obligations
    • Encryption standards
    • Access management requirements
    • Incident reporting obligations
  • Validate alignment with privacy, security, and confidentiality commitments.
  • Participate in security reviews, spot audits, and compliance assessments

ODC Governance & Audit Readiness

  • Review contractual clauses governing Offshore Delivery Centers (ODCs).
  • Support ODC setup governance and compliance validation.
  • Ensure contractual commitments are reflected in ODC operational controls.
  • Participate in ODC readiness reviews and audits.
  • Drive audit remediation and closure of identified findings.

Delivery & Operational Risk Management

  • Assess delivery risks arising from:
    • Resource location restrictions
    • Client-specific delivery controls
    • Segregation requirements
    • Staffing commitments
    • Subcontractor usage
    • Service-level obligations
    • Transition and transformation commitments
  • Work with Delivery Excellence teams to ensure contractual obligations are reflected in project governance.
  • Identify risks early and recommend preventive actions.

Compliance Monitoring & Assurance

  • Establish risk control frameworks for high-risk engagements.
  • Monitor compliance throughout the engagement lifecycle.
  • Perform periodic reviews of:
    • Contractual compliance
    • Data privacy compliance
    • Security compliance
    • AI compliance
    • ODC compliance
  • Support internal and external audits.
  • Track remediation plans and risk closure.

Stakeholder Management

  • Partner with:
    • Legal
    • Quality & Risk Management
    • Data Privacy Officers
    • Information Security Teams
    • Delivery Excellence Teams
    • Client Service Teams
    • Engagement Leaders
  • Serve as trusted advisor for contract risk interpretation and mitigation.
  • Present risk assessments and recommendations to leadership forums.

Qualifications

Education

  • Bachelor's degree required.
  • Master's degree, Law degree, or Risk/Compliance qualification preferred.

Experience

  • 10–15 years of relevant experience in:
    • Contract management
    • Risk management
    • Data privacy
    • Regulatory compliance
    • Information security governance
    • Consulting or professional services environments

Preferred Certifications

  • CIPP/E, CIPM, CIPT
  • CRISC
  • CISA
  • ISO 27001 Lead Auditor
  • CISSP
  • Certified Contract Manager (CCM)
  • AI Governance / Responsible AI certifications

Critical Skills

Contract & Legal

  • Contract interpretation
  • Commercial risk assessment
  • Regulatory analysis
  • Negotiation support

Risk & Compliance

  • Enterprise risk management
  • Compliance assessments
  • Audit management
  • Risk reporting

Data Privacy & Security

  • GDPR
  • Privacy-by-design
  • Cross-border data transfers
  • Cybersecurity controls
  • Data classification and handling

AI Governance

  • EU AI Act awareness
  • Responsible AI principles
  • AI risk assessments
  • Third-party AI vendor evaluation

Business & Leadership

  • Executive communication
  • Stakeholder influence
  • Decision-making under ambiguity
  • Ability to translate legal and regulatory requirements into practical delivery controls

Success Measures (KPIs)

  • High-risk contracts reviewed before delivery initiation.
  • Reduction in contract-related escalations and compliance breaches.
  • ODC audit pass rate.
  • Timely closure of audit and compliance findings.
  • Zero material privacy/security violations attributable to contractual non-compliance.
  • AI compliance assessments completed for applicable engagements.
  • Percentage of high-risk engagements covered by proactive contract risk reviews.
  • Leadership satisfaction with risk advisory support.

EY | Building a better working world




EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.




Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.




Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

EY

About EY

EY is building a better working world by creating new value for clients, people, society, the planet, while building trust in the capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams in more than 150 countries work across a full spectrum of services in assurance, consulting, tax, strategy and transactions, strengthened by sector experience and diverse ecosystem partners.

Find out more about the EY global network: http://ey.com/en_gl/legal-statement

Industry
Consulting & Advisory
Company Size
10,000+ employees
Headquarters
London, GB
Year Founded
Unknown
Website
ey.com
Social Media