Security Control Assessor jobs at Ey in India, Bengaluru

Your Role

This role focuses on providing advisory and technical execution support to help our clients improve their cyber security posture and respond to cyber threats. You will provide security domain expertise and utilize your business insight to work closely with our clients to advise, design, build and deploy security solutions and services.

Your main responsibilities will be

• Architecture design and assessment of security solutions and services.
• Design, implement, and manage secure networks, systems, applications, and cloud infrastructure, ensuring optimal performance and scalability.
• Develop and maintain robust security measures including firewalls, intrusion detection/prevention systems, network segregation/segmentation, SIEM, EDR, XDR, MDR, etc.
• Stay updated on emerging IT security threats and implement appropriate safeguards.
• Conduct vulnerability assessments.
• Provide technical assistance in security incident investigations.
• Undertakes implementation, configuration and operationalization activities of new and existing security solutions or services.
• Research and recommend security upgrades, patches, and new security tools.
• Monitor changes in legislation and accreditation affecting security and advise relevant stakeholders.
• Configure and maintain systems in accordance with security best practices and compliance requirements.

To qualify for the role, you should have

• A BSc. degree in Computer Science, Systems Engineering, Cyber Security, Information Technology, or a related field is preferred.
• A MSc. degree in Information Security, Systems Engineering, Cyber Security, or a related field will be considered an advantage.
• Minimum 2 years of experience in a relevant role such as system security engineer, network security engineer, cloud security engineer, etc.
• Professional qualification such as GSEC, CompTIA Security+, CISSP Concentrations, or other relevant will be considered an advantage.
• Security certifications in Azure / AWS / Google Cloud will be considered an advantage.
• Strong understanding of Windows, Linux, and Active Directory.
• Hands-on knowledge of security-related products and technologies such as IDS/IPS, SIEM, EDR, DLP, network/endpoint/cloud security, etc.
• Strong understanding of cybersecurity concepts and methodologies.

Skills and attributes for success

• Strong analytical and problem-solving skills.
• Strong drive to excel professionally, and to guide and motivate others.
• Advanced written and verbal communication skills in English.
• Dedicated, innovative, resourceful, analytical, and able to work under pressure.
• Foster an efficient, innovative, and team-oriented work environment.

EY offers an attractive remuneration package for rewarding both personal and team performance. We are committed to be an inclusive employer and are happy to consider flexible working arrangements. In addition, but not limited to our benefits include:

• 13th salary and yearly bonus
• Provident Fund
• Private Medical and Life Insurance
• Flexible working arrangements (hybrid work and flexible work schedule)
• Friday afternoon off
• EY Tech MBA and EY MSc in Business Analytics
• EY Badges - digital learning certificates
• Mobility programs (if interested to work abroad)
• Paid Sick Leave
• Paid Paternity Leave
• Yearly wellbeing days off
• Maternity, Wedding, and New Baby Gifts
• EY Employee Assistance Program (EAP) (counselling, legal and financial consultation services)

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

Apply Now.

Your key responsibilities

• Create security standards, policies, and procedures.
  • Implement organizational process or policy changes.
  • Develop safety standards, policies, or procedures.
• Investigate and resolve security breaches
• Develop Response plan & train Security Managers to be able support / respond in case of medical emergencies, bomb threats, fire alarms, or intrusion alarms, following emergency response procedures.
• Review & ensure a sound, safe environment
  • Monitor organizational compliance with regulations
• Plan, direct Security Managers to safeguard company assets, employees, guests, or others on company property
  • Develop safety standards, policies, or procedures
• Evaluate security service provider organization policies, direct Security Managers ensure adherence to the established policies/ processes to address any on site Develop & Implement policies and methods to protect personnel against harassment, threats, or violence
  • Review & ensure strict compliance
  • Review periodic reports from the Security Managers
• Support & participate in governmental reviews, internal corporate evaluations, or assessments of the overall effectiveness of facility and personnel security processes
  • Evaluate program effectiveness
  • Develop follow-up actions, to improve EY’s preparedness for such reviews, in future.
• Develop & Schedule Training programs, to on site security teams or other organization members in security rules and procedures
  • Develop training programs on environmental awareness, conservation, or safety topics
• Assess risks to mitigate potential consequences of incidents and develop a plan to respond to incidents
  • Develop safety standards, policies, or procedures
  • Review risk assessment reports and recommend corrective measures
• Review security status, updates, and actual or potential problems, using established protocols.
• Direct strategies & Develop robust emergency management processes/ protocols and contingency planning.
  • Develop emergency response plans or procedures.
  • Direct organizational operations, projects, or services
• Conduct threat or vulnerability analyses to determine probable frequency, criticality, consequence, or severity of natural or man-made disasters or criminal activity on the organization's profitability or delivery of products or services.
  • Analyze risks to minimize losses or damages
• Provide leadership to Security Managers and teams, performing activities, such as background investigation, training, assigning work, performance evaluation, or disciplining.
  • Create framework for a fair & objective based evaluation employee performance, with growth mindset
• Develop budgets for security operations
  • Develop annual budgets, to be able to fulfil organization requirements and with an aim to achieve optimum operational efficiency.
• Write or review security-related documents, such as incident reports, proposals, and tactical or strategic initiatives
  • Prepare reports related to compliance matters
• Analyze and evaluate security operations to identify risks or opportunities for improvement through auditing, review, or assessment
  • Analyze risks to minimize losses or damages
• Develop integrated security controls/ solutions to ensure confidentiality, accountability, recoverability, or audit ability of sensitive information, proprietary information, or information technology resources.
  • Develop organizational methods or procedures.
  • Educate/ Train security managers to implement organizational security activities
• Review security policies, programs or procedures to ensure compliance with internal security policies, licensing requirements, or applicable government security requirements, policies, and directives.
  • Review and confirm, organizational compliance with regulations
• Conduct physical examinations of property to ensure compliance with security policies and regulations
  • Monitor facilities or operational systems
• Analyze & report security data to determine security needs, security program goals, or program accomplishments
  • Compile operational data
  • Analyze data to inform operational decisions or activities
• Coordinate security operations or activities with public law enforcement, fire and other agencies
  • Communicate with government agencies
  • Manage organizational security activities
• Review Operational Expense reports to ensure efficiency and quality of security operations
  • Analyze financial records to improve efficiency
• Review Purchase requests on security-related supplies, equipment, or technology and approve.
• Develop investigation programs, including collection and preservation of video and notes of surveillance processes or investigative interviews
  • Develop framework & procedures and oversee organizational need on security activities related to investigations
• Develop, arrange for, perform, or assess executive protection activities to reduce security risks.
• Develop operating strategies, plans, or procedures
• Implement organizational process or policy changes.
• Plan security for special and high-risk events.
  • Create models to support organizational needs for special or high-risk events
• Train & Direct Security managers to deploy efforts to reduce substance abuse or other illegal activities in the workplace
• Develop, recommend security procedures for operations or processes including, but not limited to, Control room operations, Security Surveillance systems, Incident Management, Asset protection, Premise safety & security, etc.,
  • Develop safety standards, policies, or procedures.
  • Train & develop security managers to ensure successful implementation of standard processes/policies/ procedures.
• Review preliminary reports or make presentations on internal investigations, losses, or violations of regulations, policies and procedures.
  • Review/Analyze reports related to compliance matters.
  • Communicate organizational policies and procedures
• Attend meetings, professional seminars, or conferences to keep abreast of changes in executive legislative directives or new technologies impacting security operations.
  • Maintain knowledge of current developments in area of expertise

Skills and attributes for success

• Excellence customer relationship management skills
• Should possess strong analytical and problem-solving skills. Should pay attention to detail
• Proven experience as security manager or similar position
• Experience using relevant technology and equipment (e.g. CCTV)
• Experience in reporting and emergency response planning
• Excellent knowledge of security protocols and procedures
• Solid understanding of budgeting and statistical data analysis
• Working knowledge of MS Office
• Excellent communication and interpersonal skills
• Outstanding organizational and leadership skills
• Certification in OSHAS & ISO 27001
• Certification in Disaster Management & Fire fighting
• Certification in Industrial Security Management
• Active Member of ASIS International / OSAC India chapter

To qualify for the role, you must have

• 15+ years of subject matter expert experience, with 8-10 years’ experience in managing security operations/ service delivery, in comparable organizations, with sound knowledge & experience, in premise safety & security services domain.
• Bachelor's degree in Business, or equivalent professional level experience

Ideally, you’ll also have

• Experience in Management role conducting development of processes, sustainable solutions, meaningful information systems for Security functions.
• Member of industry forums like IFMA/MRICS/OSAC/ASIS international etc., and having strong industry network
• Experience in working in large matrixed organizations
• Ability to function in a rapidly changing, heavily matrixed and often virtual environment
• Ability to prioritize, drive and adapt to change quickly in a fast-paced environment
• Culturally sensitivity and be capable of handling interactions with a “global mindset”
• To Coach/mentor team members in a cross-functional environment

What we look for

• Participates regularly in EY-wide and function-specific meetings, events and people initiatives
• Demonstrates executive presence establishes credibility quickly, commands attention and respect, demonstrates confidence, and deals comfortably with others
• Encourages innovation in others by allowing error, e.g., allowing people to try something new, being open to new ideas
• Creates an inclusive and flexible environment where people feel they are a valuable member part of the team. Promotes and demonstrates an inclusive and global mindset when interacting with others. Adapts to the style and cultural differences of others to enhance relationships
• Engages with team members to resolve business challenges, helping them analyze and address the root cause of problems so they can stay aligned and focused on successful execution of the team’s vision.
• Resolves team conflicts and performance issues effectively and respectfully.
• Demonstrates effective decision-making and maturity that enhances interactions
• Identifies areas of opportunity and generates ideas and solutions. Makes recommendations to leadership and is able to implement new ideas, improvements, technologies and new products.
• Promotes operational excellence by challenging current practices and providing feedback on opportunities to improve within own area of responsibility.
• Provides quality deliverables for self and teams within agreed-upon timelines
• Actively seek, wherever possible, to protect and regenerate the environment.
• Adheres to budgets, objectives and deadlines on projects with the aim of enhancing productivity and value
• Balances multiple priorities by considering priorities, urgency and impact on key relationships and resources
• Identifies and assesses risks and consults with leadership or stakeholders on options in a timely manner
• Manages team or project, delegates work effectively, and uses appropriate resources to manage costs while meeting deadlines
• Models objectivity and integrity with self and teams to adhere to firm values and limit risk
• Surfaces barriers to change and provides recommendations to overcome
• Uses experience and consultative questioning to home in on key issues and escalates as appropriate
• Grasps technical issues quickly and is able to act on them, resolve them or escalate to leadership as necessary
• Identifies and leverages leading practices, diverse perspectives and lessons learned
• Tailors communication approach to respective audience when sharing technical experience to increase understanding

What we offer

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across six locations – Argentina, China, India, the Philippines, Poland and the UK – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.

• Continuous learning : You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you : We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Responsibilities:

• Responsible for designing and implementing security solutions for applications and services deployed on AWS or GCP cloud platforms.
• Design secure SDLC processes and embed security into CI/CD pipelines.
• Develop and enforce policies as code for secure cloud-native deployments.
• Drive security automation and DevSecOps maturity across teams.
• Participate in guiding application teams through key security functional requirements and edge cases.
• Drive security initiatives and adoptions of secured solutions in team by addressing key challenges that aids senior leaderships with strategic directions.
• Ensure alignment with industry standards and regulatory requirements.
• Strong understanding around implementation techniques and tools with regards to application security (eg: SAST, DAST, IaC scanning, secret detection, drift detection etc) tailored for cloud environments (preferably in AWS/GCP Cloud).
• Guide as an SME in the field of security on Cloud with focus on governance, audits, and compliance efforts.
• Perform routine development activities in a sprint based model to enforce detective, preventative and corrective cloud security controls on Cloud.

Preferred Requirements:
• Deep expertise in core domains of Cloud computing: Compute, Storage, Networking, Data and Security.
• Advanced proficiency in Python/Go with Cloud-native developments and automation use-cases.
• Strong leadership and collaboration skills across cross-functional teams.
• Deep knowledge and hands-on skills in secure development lifecycle and cloud-native scalable design patterns (eg: microservices, containers, CI/CD pipelines with Cloud-native technologies like AWS CodePipeline, Jenkins, Github Actions etc.
• Familiarity with IaC hardening techniques.
• Strong policy as code development
• Strong hands-on experience with Infrastructure as Code technologies like Terraform (Preferred), AWS CloudFormation templates.
• Deep understanding of cloud-native security, container security, and serverless protection.
• Familiarity/awareness around Policy as code in cloud environments.
• Hands-on experience with CSPM tools (Prisma/Wiz/AWS Security Hub etc).

Required:
• Minimum 4+ years of Cloud technology, specifically in Security engineering, or Security Architecture roles
• 3+ years of extensive hands-on experience with AWS Cloud/GCP Cloud.
• 2+ years of Python/Go development for automation and other use-cases on AWS Cloud/GCP Cloud.
• 3+ years of Terraform(preferred)/AWS CloudFormation experience in infrastructure provisioning. Certifications preferred.
• 3+ years of experience in Github Actions, Bash Scripts, YAML etc.
• Deep expertise in writing production quality modular code or 3+ years of experience in Policy as Code technologies like: HashiCorp Sentinel Policies, OPA (rego policy), OPA GateKeeper policies for Kubernetes, AWS SCPs, Google Organization Policies.
• Strong GIT or version control experience.
• 2+ years of experience working with Docker products, Kubernetes clusters (cloud-native preferably EKS/GKE) and overall containerization lifecycle.
• Any of the following certifications are a plus: AWS Certified Solutions Architect Associate, Google Cloud Professional security engineer, AWS Certified Security Specialty.
• Familiarity with Security frameworks in threat modelling (STRIDE) and other OWASP TOP 10 and implementing them at scale.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

As a Senior Consultant in Network Security at EY, you will play a pivotal role in designing, implementing, and managing advanced security solutions for our clients. You will leverage your expertise in next-generation firewalls, proxies, zero trust technologies, and cloud security to enhance our clients' security posture and ensure compliance with industry standards. This person will interface with IT Operations, Network Operations, Infrastructure teams, Legal, Risk Management, etc.

Your key responsibilities

• Design and implement network security architectures using next-generation firewalls and proxies.
• Evaluate and deploy zero trust technologies, including Zscaler and Netskope, to secure client environments.
• Conduct security assessments and vulnerability analyses to identify and mitigate risks.
• Collaborate with cross-functional teams to develop and implement security policies and procedures.
• Provide guidance and mentorship to junior consultants and team members.
• Stay updated on the latest security trends, threats, and technologies to ensure best practices are followed.
• Develop and maintain documentation for security policies, procedures, and configurations.
• Lead incident response efforts, including investigation, containment, and remediation of security incidents.
• Conduct training sessions and workshops for clients and internal teams on security best practices and technologies.
• Assist clients in compliance audits and assessments related to industry standards (e.g., ISO 27001, NIST, GDPR).
• Design, implement, and oversee security measures for cloud platforms (such as AWS, Azure, and Google Cloud).
• Create and enforce policies, standards, and best practices for cloud security.
• Monitor and address security incidents and vulnerabilities within cloud infrastructures.
• Establish and manage security controls, including network segmentation, data protection, and threat detection.
• Automate security processes using scripting and infrastructure as code (IaC) methodologies.
• Deploy and configure security tools and solutions native to the cloud (e.g., firewalls, encryption, identity and access management).
• Investigate and address cloud security incidents, including data breaches and unauthorized access.
• Conduct forensic analysis and generate comprehensive reports on security incidents and breaches.
• Work collaboratively with other teams to resolve security challenges and enhance the overall security posture.
• Evaluate and recommend security tools and technologies to enhance the security posture of client environments.
• Collaborate with clients to develop tailored security strategies that align with their business objectives.
• Monitor and analyze security events and alerts to identify potential threats and vulnerabilities.
• Participate in security architecture reviews and provide recommendations for improvements.

Skills and attributes for success

• Should be a good team player.
• Excellent verbal and written communication skill.
• Proficient Documentation and Power Point skills
• Good social, communication and technical writing skills
• Should interface with internal and external clients.
• Strong analytical/problem solving skills.
• Ability to prioritize tasks and work accurately under pressure in order to meet deadlines.
• Should understand and follow workplace policies and procedures.
• Should independently manage the assigned project/engagement with minimal oversight/guidance from the manager.

To qualify for the role, you must have

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 6 to 8 years of professional of experience in network security consulting/operations or a related role.
• Strong knowledge of network security principles and practices.
• Proficiency in configuring and managing next-generation firewalls (e.g., Palo Alto, Fortinet, Check Point).
• Experience with proxy technologies and their integration into security architectures.
• In-depth understanding of zero trust security models and implementation strategies.
• Familiarity with cloud security solutions, particularly Zscaler and Netskope.
• Implementation/operational experience on Zscaler- ZIA, ZPA,ZDX/ Netskope
• Knowledge of cloud platforms (e.g., AWS, Azure, Google Cloud) and their security features.
• Excellent problem-solving skills and the ability to work under pressure.
• Strong analytical skills to assess security risks and develop effective mitigation strategies.
• Ability to communicate complex security concepts to non-technical stakeholders.
• Experience with security information and event management (SIEM) tools.
• Understanding of network protocols and security technologies (e.g., VPN, IDS/IPS).
• Familiarity with scripting or programming languages (e.g., Python, PowerShell) for automation and security tasks.
• Knowledge of data protection regulations and compliance requirements (e.g., GDPR, HIPAA).
• Strong project management skills to lead security initiatives and manage client engagements.

• Below relevant certifications are a plus: -
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Cisco Certified Network Professional Security (CCNP Security)
  • Palo Alto Networks Certified Network Security Engineer (PCNSE)
  • Fortinet Network Security Expert (NSE)
  • Zscaler Certified Cloud Security Engineer (ZCCSE)
  • Netskope Certified Security Engineer (NCS)
  • AWS Certified Security – Specialty
  • Microsoft Certified: Azure Security Engineer Associate
  • Google Professional Cloud Security Engineer
• Proficiency in security tools and technologies.
• Excellent problem-solving skills and attention to detail.
• Strong communication and teamwork skills.
• Ability to work independently and manage multiple tasks.
• Willingness to stay current with evolving security technologies and threats.
• Ability to communicate in a clear and concise manner.

Ideally, you’ll also have

• Professional certificate or be actively pursuing related professional certifications such as the CompTia Security+, CEH, CISSP or Vendor/Technical certification. If not, certified candidates are expected to complete one of the business required certifications within 12 months of hire.
• To expect some weekend work and 20%-30% travel based on job requirement.

What we look for

• A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills.
• An opportunity to be a part of market-leading, multi-disciplinary team of 1600 + professionals, in the only integrated global transaction business worldwide.
• Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Responsibilities:

• Responsible for designing and implementing security solutions for applications and services deployed on AWS or GCP cloud platforms.
• Design secure SDLC processes and embed security into CI/CD pipelines.
• Develop and enforce policies as code for secure cloud-native deployments.
• Drive security automation and DevSecOps maturity across teams.
• Participate in guiding application teams through key security functional requirements and edge cases.
• Drive security initiatives and adoptions of secured solutions in team by addressing key challenges that aids senior leaderships with strategic directions.
• Ensure alignment with industry standards and regulatory requirements.
• Strong understanding around implementation techniques and tools with regards to application security (eg: SAST, DAST, IaC scanning, secret detection, drift detection etc) tailored for cloud environments (preferably in AWS/GCP Cloud).
• Guide as an SME in the field of security on Cloud with focus on governance, audits, and compliance efforts.
• Perform routine development activities in a sprint based model to enforce detective, preventative and corrective cloud security controls on Cloud.

Preferred Requirements:
• Deep expertise in core domains of Cloud computing: Compute, Storage, Networking, Data and Security.
• Advanced proficiency in Python/Go with Cloud-native developments and automation use-cases.
• Strong leadership and collaboration skills across cross-functional teams.
• Deep knowledge and hands-on skills in secure development lifecycle and cloud-native scalable design patterns (eg: microservices, containers, CI/CD pipelines with Cloud-native technologies like AWS CodePipeline, Jenkins, Github Actions etc.
• Familiarity with IaC hardening techniques.
• Strong policy as code development
• Strong hands-on experience with Infrastructure as Code technologies like Terraform (Preferred), AWS CloudFormation templates.
• Deep understanding of cloud-native security, container security, and serverless protection.
• Familiarity/awareness around Policy as code in cloud environments.
• Hands-on experience with CSPM tools (Prisma/Wiz/AWS Security Hub etc).

Required:
• Minimum 4+ years of Cloud technology, specifically in Security engineering, or Security Architecture roles
• 3+ years of extensive hands-on experience with AWS Cloud/GCP Cloud.
• 2+ years of Python/Go development for automation and other use-cases on AWS Cloud/GCP Cloud.
• 3+ years of Terraform(preferred)/AWS CloudFormation experience in infrastructure provisioning. Certifications preferred.
• 3+ years of experience in Github Actions, Bash Scripts, YAML etc.
• Deep expertise in writing production quality modular code or 3+ years of experience in Policy as Code technologies like: HashiCorp Sentinel Policies, OPA (rego policy), OPA GateKeeper policies for Kubernetes, AWS SCPs, Google Organization Policies.
• Strong GIT or version control experience.
• 2+ years of experience working with Docker products, Kubernetes clusters (cloud-native preferably EKS/GKE) and overall containerization lifecycle.
• Any of the following certifications are a plus: AWS Certified Solutions Architect Associate, Google Cloud Professional security engineer, AWS Certified Security Specialty.
• Familiarity with Security frameworks in threat modelling (STRIDE) and other OWASP TOP 10 and implementing them at scale.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Your key responsibilities

• Engage in Cyber Strategy & Governance, Cyber Risk & Compliance, Cyber Resilience, Cyber Transformation and Co-Sourcing, Application & Network Security engagements
• Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress.
• Execute the engagement requirements, along with review of work by junior team members.
• Help prepare reports and schedules that will be delivered to clients and other parties.
• Develop and maintain productive working relationships with client personnel.
• Build strong internal relationships within EY Consulting Services and with other services across the organization
• Contribute to people related initiatives including recruiting and retaining Cyber Transformation professionals
• Maintain an educational program to continually develop personal skills of staff
• Understand and follow workplace policies and procedures
• Building a quality culture at GDS
• Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members
• Manage the performance management for the direct reportee, as per the organization policies.
• Foster teamwork and lead by example
• Training and mentoring of project resources
• Participating in the organization-wide people initiatives

Skills and attributes for success

• Hands-on experience of more than 5 years with key components of components of SAP Basis and Security with Cyber Security (but not limited to):
• SAP Basis and Security consultant with experience in SAP Basis System Hardening, SAP Fiori Security and Fiori Architecture, SAP web Dispatcher, Web Application Firewalls and Web Security in General, And SAP Cloud platform.
• Experience with the most important SAP products - SAP S/4HANA, HANA Database, SAP C/4HANA, SAP SuccessFactors, SAP Ariba, SAP Fieldglass, SAP Qualtrics, SAP Concur.
• Application Security (Secure S/4HANA transformation projects beyond re-designing roles & authorizations, Ariba, Concur, SAP EWM, SAP Fieldglass)
• Experience in handling the assessment tools or in manual conduction of SAP Security Audits
• Basic understanding of roles & authorization concepts for S/4HANA, SAP HANA and SAP Fiori.
• Demonstrable experience in Identity & Access Management (IAM) technologies such as Single-Sign-On (SSO), Privileged Access Management and integration with SAP platform.
• Patch management and configuration (Secure Configuration, identify published vulnerabilities, Classify and prioritize vulnerabilities)
• Should possess knowledge of SAP Cloud Platform fundamentals.
• Experience in implementing an SAP SIEM solution like SAP Enterprise Threat Detection (ETD) will be an added advantage
• Basic understanding of security certifications like ISO 27001, SOC, NIST etc.
• Background in security technologies, security architectures, security testing and software development
• Understanding of SAP Security Baseline ABAP / HANA and JAVA systems.
• Exposure to SAP Security Optimization Services & Secure Operations Map
• Understanding of security issues, exploitation techniques and remediation measures and ability to implement new attack approaches/ vectors
• Perform threat modelling for applications and prepare reports for clients to highlight risks.
• Knowledge of integrating security tools, standards, and processes into the product life cycle (PLC)
• Improving and supporting application security tool deployments including static analysis and runtime testing tools
• Deep understanding of common application security vulnerabilities
• Demonstrated expertise in application security domain

To qualify for the role, you must have:

• BE - B. Tech / MCA / M. Tech/ MBA with background in computer science and programming.
• More than 5 Years of relevant experience.
• Strong Excel and PowerPoint skills.
• Should be proficient in leading medium to large engagements and coach junior staff.

Ideally, you’ll also have

• Project management skills.
• CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer.

What we look for

• A team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills.
• An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide.
• Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries.

At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Your key responsibilities

• Implement security standards, policies, and procedures.
• Identify & report security breaches
• Respond/support in case of medical emergencies, bomb threats, fire alarms, or intrusion alarms, following emergency response procedures.
• Coordinate security activities to safeguard company assets, employees, guests, or others on company property
• Maintain updated policies and methods, published by the security service provider organizations to address any on site harassment, threats, or violence
• Assist in imparting to subordinate security professionals or other organization members in security rules and procedures
• Identify risks to mitigate potential consequences of incidents and develop a plan to respond to incidents
• Communicate security status, updates, and actual or potential problems, using established protocols.
• Handle on site emergency situations and execute contingency plans.
• Participate in threat or vulnerability analyses to determine probable frequency, criticality, consequence, or severity of natural or man-made disasters or criminal activity on the organization's profitability or delivery of products or services.
• Supervise subordinate security professionals, performing activities, such as background investigation, training, assigning work, evaluating performance, or disciplining.
• Assist / provide inputs for annual budgets for security operations
• Assist in implementation of integrated security controls to ensure confidentiality, accountability, recoverability, or audit ability of sensitive information, proprietary information, or information technology resources.
• Ensure strict adherence to security policies, programs or procedures to ensure compliance with internal security policies, licensing requirements, or applicable government security requirements, policies, and directives.
• Collect data to determine security needs, security program goals, or program accomplishments
• Aid coordinate security activities with public law enforcement, fire and other agencies
• Track operational spend to ensure efficiency and quality of security operations
• Assist in investigation programs, including collection and preservation of video and notes of surveillance processes or investigative interviews
• Implement & ensure strict compliance of security procedures in areas including, but not limited to, Control room operations, Security Surveillance systems, Incident Management, Asset protection, Premise safety & security, etc.,
• Engage with employees and managers to ensure a productive work environment.
• Communicate proactively and provide support on employee well-being, including safety and security training.

Skills and attributes for success

• Excellence customer relationship management skills
• Should possess strong analytical and problem-solving skills. Should pay attention to detail
• Proven experience as Security supervisor / Assistant Security officer, or similar position
• Experience using relevant technology and equipment (e.g. CCTV)
• Experience in reporting and emergency response planning
• Excellent knowledge of security protocols and procedures
• Working knowledge of MS Office
• Good communication and interpersonal skills
• Good organizational skills
• Certification in OSHAS & ISO 27001
• Certification in Disaster Management & Fire fighting
• Certification in Industrial Security Management
• Active Member of ASIS International / OSAC India chapter

To qualify for the role, you must have

• 4-5 years of subject matter expert experience, with minimum of 3 years’ experience in managing security operations/ service delivery, in comparable organizations, with sound knowledge & experience, in premise safety & security services domain.
• Bachelor’s degree in Business, or equivalent professional level experience

What we look for

• Participates regularly in EY-wide and function-specific meetings, events and people initiatives
• Takes charge of personal development and seeks out coaching and feedback regularly
• Finds ways to improve the balance between personal and professional commitments and to increase understanding of personal well-being to benefit self and team members
• Demonstrates self-awareness when interacting with colleagues and adapts individual approach to enhance relationships
• Contributes to a positive team environment by finding constructive ways to respond to work challenges
• Promotes and demonstrates an inclusive and global mindset when interacting with others
• Applies an understanding of client needs to identify critical outcomes, barriers to success, and changes in expectations or scope. Connects to stakeholders, seizing opportunities to grow knowledge
• Participates in meetings with clients to develop closer relationships and better understand capabilities or client issues
• Demonstrates effective decision-making, displaying maturity that enhances interactions and relationships
• Establishes credibility with client and others by demonstrating an understanding of client’s business environment
• Enables the delivery of exceptional client service by using appropriate tools and resources
• Understands how the firm is changing, anticipates opportunities, and puts a plan in place to help deliver on goals and objectives. Generates innovative ideas and solutions that improve efficiency
• Promotes operational excellence by challenging current practices and providing feedback on opportunities to improve within own area of responsibility.
• Maintains independence and objectivity, complying personally with all applicable professional standards, EY policies and regulatory requirements
• Manages day-to-day priorities by organizing work and informing others, following through to resolution
• Manages projects or initiatives while clarifying objectives, priorities, roles, responsibilities, timelines and scope changes as appropriate
• Promotes and sustains quality and effective risk management and compliance through consistent review of work products and suggestions for improvement
• Identifies technical issues and can resolve and/or elevate appropriately. Possesses solid conceptual knowledge of overall technical concepts within functional area.
• Maintains awareness and understanding of the impact of new developments in own functional area and shares them with client and team
• Proposes credible suggestions and options that effectively resolve business challenges

What we offer

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across six locations – Argentina, China, India, the Philippines, Poland and the UK – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership : We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.