At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Technology Risk – Senior As part of our EY- Technology Risk team you will contribute technically to IT Risk and Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships. You will also identify potential business opportunities for Ernst & Young within existing engagements and escalate these as appropriate. Similarly, you will anticipate and identify risks within engagements and share any issues with senior members of the team. The opportunity We are looking for a senior to join the Cyber COE group of our EY-Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Competencies and Expertise Needed Understanding of Identity and Access Management (IAM) principles, frameworks, and best practices. Strong consulting and advisory skills, capable of understanding and addressing clients’ needs. Hands-on experience with Privileged Access Management (PAM) tools and strategies, including the implementation of solutions like PAM services. In-depth knowledge of identity lifecycle management processes, encompassing user provisioning, de-provisioning, and role management, as demonstrated in various IAM implementation projects. Skilled in analysing security risks associated with identity and access, and formulating effective mitigation strategies, as evidenced by successful project outcomes. Understanding of role-based access control (RBAC), multi-factor authentication (MFA), and single sign-on (SSO) implementations. Interest in working on security compliance projects related to IAM. Experience or interest in leading workshops, trainings, or presentations for clients. Desire to work collaboratively with IT teams to implement IAM and PAM solutions by ensuring seamless integration and operational efficiency. Responsible for ISO 27001 based Information Security Management System implementation and sustenance Assess client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk Responsible to assist client in review / implement Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling Responsible for conducting clients’ vendors risk assessment and providing a holistic view of client’s risk exposure due to outsourcing Responsible for advising and assisting clients to develop and implement Information classification framework Conduct Information Systems audits covering IT infrastructure assets Serves as technical lead or subject matter specialist on security and privacy implementation projects, responsible for design, build, testing and deployment of solutions Technical Knowledge of Security Capabilities such as, CSPM, EDR, SIEM/SOAR, Vulnerability Management will be a plus. Have a knowledge of cyber security concepts around Vulnerability Management, Identity Management, Risk Management, etc. Good understanding of overall cyber security objective of the organization and having an ability translate data into actionable metrics to drive initiatives to improve cyber security posture. Understanding of Senior stakeholder’s requirements in the organization such CISO, CIO, CRO and ability to communicate with them in an effective manner with excellent verbal and written communication skills. Experienced in conducting information security assessments including business continuity plan audits, network security audits, GenAI Audit, and infrastructure audits. Performed NIST assessments, ISO assessments, and privacy impact audits, Data Privacy and GDPR implementation, experience in developing Data inventory and Third-Party Risk Assessment. Familiar with IT industry frameworks such as ISO27001, ISO42001, NIST, PCI-DSS, TISAX, DSA/DMA, GDPR, NIS2 and HITRUST. Your Key Responsibilities Test and supervise the delivery of assigned controls not limited to ITGC and ITAC but ISO27001 & NIST assessment, Privacy Assessment, Cyber Maturity Assessment, IT Policies Standards Assessment, Software Development Lifecycle (SDLC), System Architecture, Operating Systems, Databases, Networks, Security Systems, Cloud Services, Asset Inventories, Incident Management, Recovery Management and knowledge to intervene and redirect testing as required, resolving, or redirecting escalations as required. Collaborate with your team to manage control owners and other stakeholders, ensuring the success of each assigned reviews, minimising contention where possible and requesting support, where deemed necessary. Apply judgement and risk management concepts to identify, formulate findings and provide valuable insights to the clients to improve processes and manage risks to achieving operational and strategic goals. Review IT Policies and Standards and ensure that they are as per the different industry standard. Stay current with cybersecurity regulations and promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the enterprise. To qualify for the role, you must have. Graduate (CS/ IT, Electronics, Electronics & Telecommunications,)/MBA/M.Sc. with at least 4-7 years of experience. Having industry certification such as CISSP, CISM, CRISC or CISA a strong plus Bring your significant experience in applying relevant technical knowledge in at least one of the following engagements: (a) ISO assessments (b) NIST assessments (c) Data privacy audits (d) Network and Infrastructure audits (e) Cyber Maturity Assessment (f) IT Policies and Standards Assessment (g) IAM and IT Asset Management (h) IT Health Check (i) BCP/DR audit (j) Application security audits. What We Look For A Team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment Opportunities to work with EY Assurance practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we are dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less
