InfoSec Security Consultant
Top 7 Skills :
Must be highly technical, must have Information Security experience. Has the ability to recommend and drive security solutions implementations in most all IT Security domains
application security, infrastructure, networking, identity and access management, etc.)
Must be able to define and prescribe technical security architectures and provide pragmatic security guidance that balance business benefit and risks.
Must possess the ability to function as the Information Security SME within an Agile lifecycle with product development teams for driving the production of many advanced technological
Must have exposure to accounting based principles and technical systems, and demonstrate the ability to understand terms of accounting.
Have exposure to GLs and accounting based principles understand enough about the function be able to understand terms of accounting
Must have strong knowledge of cloud technology principles and practices, with knowledge of cloud security. A very strong plus for candidates with experience using MS Azure.
MUST be personable and a strong communicator!
As a Security Consultant within EY’s internal Security Consulting and Assurance team, the individual will be a trusted IT security SME for the Financial Accounting, Risk and Compliance sub-business, under the
Assurance service line. Overarching responsibilities will include : direct engagement driving technical security solution delivery on programs and projects, defining security architectures, providing security
guidance, identifying and prioritizing security-related requirements, promoting secure-by-default designs and facilitating delivery of information security services throughout the system development life
cycle (SDLC). The role will also direct technology teams in the implementation of appropriate risk treatment and mitigation options to address security vulnerabilities. Security Consultants are
responsible for the translation of these vulnerabilities into business risk terminology for communication to business stake holders.
Essential functions of the job
Define security architectures and provide pragmatic technical security guidance.
Balancing business benefit and technical risks
Engage technology teams in order to evaluate and prescribe security controls at all touchpoints throughout the technology architecture
Define security configuration standards for platforms and technologies
Provide knowledge sharing and technical assistance to other team members
Act as Subject Matter Expert (SME) and offer deep technical guidance for responsible portfolios
Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls
Perform risk assessments aligned with system security certification and review processes for information systems and infrastructure
Maintain and enhance the Information Security risk assessment methodology
Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit
Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stake-holders
Knowledge and skills requirements