Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 250,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and is key to us being more innovative as an organization.
EY Technology supports our technology needs through three business units:
Client Technology (CT) - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster and pursue those opportunities more rapidly.
Enterprise Technology (ET) ET supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. ET will also support our internal technology needs by focusing on a better user experience.
Information Security (Info Sec) - Info Sec prevents, detects, responds and mitigates cyber-risk, protecting EY and client data, and our information management systems.
As a Security Consultant, the individual will provide security guidance to internal IT project teams responsible for delivering business solutions, with a focus on end user technology and related solutions. The Security Consultant will identify and prioritize security-related requirements, promote secure-by-default designs and ensure information systems and infrastructure will be secured throughout the system development life cycle (SDLC) in an agile environment.
Your key responsibilities
The Security Consultant is expected to perform risk assessments of mobile applications, mobile and desktop end user technology platforms, infrastructure systems and solutions; develop appropriate risk treatment and mitigation options; effectively articulate findings and recommendations to internal customers and management; and The Security Consultant will be expected to work on multiple projects and tasks concurrently.
Skills and attributes for success
- Solid background in IT risk assessments, and knowledge of good security practices and controls used in applications and infrastructure.
- Translate technical vulnerabilities and security risks into business risk terminology for business units and recommend corrective actions to customers and project stakeholders.
- Ability to document and produce meaningful artefacts on risk assessments, engagement Statements of Work, process, minimum security baselines and presentations on security risks.
- Manage customer expectations and deliver quality security consulting services while balancing business objectives with security requirements.
- Ability to partner with technical teams in a practical manner when conflicting interests arise while preserving EY core security principles and policies.
- Ability to proactively lead, own and research security related subject matters when required to take a position or resolve issues.
- Ability to team well with others to facilitate and enhance the understanding & compliance to security policies.
To qualify for the role, you must have
- A minimum of 8-10 years of experience in an Information Security or Information Technology discipline.
- Two or more years of experience with iOS and Android security such as mobile application security analysis, mobile application penetration testing, mobile threat modelling, mobile device forensics, and assessing mobile device security capabilities.
- Three or more years of experience with understanding and defining good security practices for end user technology platforms (e.g. iOS, Android, macOS, Windows 10), multi-tier information systems, applications (e.g. web, mobile, desktop), and End Point Security solutions.
- Working experience in performing security risk assessments for information systems and applications such as those for web, desktop, and mobile.
- Develop appropriate risk treatment and mitigation options to address security risks identified during security reviews or risk assessments.
- Excellent interpersonal, communication, organizational and project management skills.
- Flexibility to adjust to multiple demands, shifting priorities, ambiguity and rapid change.
Ideally, youll also have
- One or more years of experience with iOS and Android mobile application development, Agile Methodology, Continuous Integration / Continuous Delivery, and IoT security.
- Knowledge or experience with Microsoft Azure cloud technology stack (e.g. M365, SharePoint, OneDrive for Business, Intune, Conditional Access) and Azure cloud applications.
- Knowledge of common information security standards and risk analysis methodologies, such as: ISO 27001/27002, NIST, PCI, COBIT, ISF IRAM2, and OWASP.
What we look for
We look for people who are customer-focused with excellent interpersonal, communication and organizational skills. The ideal candidate will have flexibility in adjusting to multiple demands, shifting priorities, ambiguity, rapid change and a strong desire to learn.
What working at EY offers
We offer a competitive remuneration package where youll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:
- Support, coaching and feedback from some of the most engaging colleagues around
- Opportunities to develop new skills and progress your career
- The freedom and flexibility to handle your role in a way thats right for you
EY is committed to be an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.
As a global leader in assurance, tax, transaction and advisory services, were using the finance products, expertise and systems weve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, well make our ambition to be the best employer by 2020 a reality.
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.
Join us in building a better working world.
EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law.