Security Consulting Assurance
Ernst & Young
Cochin, India
1h ago
source : Wizbii

InfoSec Security Consultant

Top 7 Skills :

Must be highly technical, must have Information Security experience. Has the ability to recommend and drive security solutions implementations in most all IT Security domains

application security, infrastructure, networking, identity and access management, etc.)

Must be able to define and prescribe technical security architectures and provide pragmatic security guidance that balance business benefit and risks.

Must possess the ability to function as the Information Security SME within an Agile lifecycle with product development teams for driving the production of many advanced technological


Must have exposure to accounting based principles and technical systems, and demonstrate the ability to understand terms of accounting.

Have exposure to GLs and accounting based principles understand enough about the function be able to understand terms of accounting

Must have strong knowledge of cloud technology principles and practices, with knowledge of cloud security. A very strong plus for candidates with experience using MS Azure.

MUST be personable and a strong communicator!

Job summary

As a Security Consultant within EY’s internal Security Consulting and Assurance team, the individual will be a trusted IT security SME for the Financial Accounting, Risk and Compliance sub-business, under the

Assurance service line. Overarching responsibilities will include : direct engagement driving technical security solution delivery on programs and projects, defining security architectures, providing security

guidance, identifying and prioritizing security-related requirements, promoting secure-by-default designs and facilitating delivery of information security services throughout the system development life

cycle (SDLC). The role will also direct technology teams in the implementation of appropriate risk treatment and mitigation options to address security vulnerabilities. Security Consultants are

responsible for the translation of these vulnerabilities into business risk terminology for communication to business stake holders.

Essential functions of the job

Define security architectures and provide pragmatic technical security guidance.

Balancing business benefit and technical risks

Engage technology teams in order to evaluate and prescribe security controls at all touchpoints throughout the technology architecture

Define security configuration standards for platforms and technologies

Provide knowledge sharing and technical assistance to other team members

Act as Subject Matter Expert (SME) and offer deep technical guidance for responsible portfolios

Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls

Perform risk assessments aligned with system security certification and review processes for information systems and infrastructure

Maintain and enhance the Information Security risk assessment methodology

Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit

Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stake-holders

Knowledge and skills requirements

  • Applied technical knowledge of IT Security domains
  • Applied skills participating in the Agile lifecycle
  • Security architecture. Two years of experience with security architecture, design and assessment of messaging, ERP, CRM and or data analytics solutions
  • Skills to analyze technology architectures and software solutions, identify security risk and prescribe mitigating security measures in accordance with the firms risk tolerance level.
  • Strong ability to build relationships
  • Ability to team well with others to facilitate and enhance the understanding & compliance to security policies
  • Experience facilitating meetings with multiple customers and technical staff, including building
  • consensus and mediating compromise
  • High degree of tolerance for ambiguity
  • Experience conducting risk assessments, vulnerability assessments, vendor and third party risk assessments and recommending risk remediation strategies
  • Strong understanding of common information security standards, driving the application of security controls in accordance with common IT Security directives, such as : ISO 27001 / 27002,
  • Education

  • An advanced degree in Computer Science or a related discipline, or equivalent work experience
  • Required Experience
  • Experience in the Agile development lifecycle
  • Experience working with cloud technologies, MS Azure preferred
  • Three or more years working with financial and accounting technology systems
  • Three or more years of experience in the management of a significant Information Security risk management function
  • Three or more years of combined experience in Information Security and Information Technology disciplines
  • Experience in managing the communication of security findings and recommendations to IT project teams and management
  • Exceptional judgment, tact, and decision-making ability
  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
  • Outstanding management, interpersonal, communication, organizational, and decision-making skills
  • Strong English language skills are required
  • Desired Experience

  • Experience with cloud technologies (MS Azure preferred)
  • Experience in advanced technologies such as block chain, RPA, AI, etc.
  • Knowledge of the Scaled Agile Framework (SaFE)
  • Certification requirements

  • Candidates holding a CISSP are preferred.
  • Candidates who are holding or actively pursuing a CISSP will be considered.
  • Also candidates who hold of are actively pursuing related professional certifications within the GIAC family of certifications or CISM or CISA will be considered.
  • Apply
    Add to favorites
    Remove from favorites
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Application form