Application Security Service Owner jobs at Ey in India, Kochi

We’re looking for a Manager in our Cyber Security team with a strong focus on Governance, Risk, and Compliance (GRC). You will be responsible for defining, implementing, and managing GRC frameworks that enhance our clients' security posture and ensure compliance with regulatory requirements. This is a fantastic opportunity to be part of a leading firm while being instrumental in the development of next-generation GRC solutions.

Your Key Responsibilities:

• Design, implement, and manage GRC frameworks that align with organizational goals and regulatory requirements, including ISO 27701, ISO 27017, and PDPL (Personal Data Protection Law).
• Collaborate with clients to assess their GRC needs and develop tailored solutions that enhance compliance and risk management.
• Oversee the integration of GRC processes with existing IT and security frameworks, ensuring seamless functionality and user experience.
• Conduct risk assessments and audits related to GRC, providing recommendations for improvements and remediation strategies.
• Stay current with GRC trends, regulations, and best practices to ensure our solutions remain competitive and effective.
• Mentor and guide junior team members, fostering a culture of continuous learning and professional development.
• Drive discussions with senior stakeholders to align GRC strategies with business objectives and regulatory requirements.
• Develop and deliver training sessions on GRC best practices and technologies for clients and internal teams.
• Conduct compliance assessments to identify potential risks and develop mitigation strategies.
• Review and assess existing policies and procedures to ensure compliance with best practices and organizational policies.
• Create GRC documentation and conduct reviews to ensure alignment with regulatory standards and business objectives.

Skills and Attributes for Success:

• Proven experience in Governance, Risk, and Compliance frameworks, with a strong understanding of security governance and risk management.
• Deep technical knowledge of compliance requirements, risk assessment methodologies, and security technologies.
• Familiarity with ISO 27701, ISO 27017, and PDPL, and their application in GRC practices.
• Excellent analytical and problem-solving skills, with the ability to assess complex compliance challenges and develop effective solutions.
• Excellent communication skills, both verbal and written, with the ability to engage effectively with technical and non-technical stakeholders.
• Ability to manage multiple projects simultaneously and adapt to changing priorities in a fast-paced environment.
• Experience in project management methodologies and tools, with a focus on delivering high-quality results on time and within budget.

To Qualify for the Role, You Must Have:

• 12-15 years of experience in Information Technology, with a specialization in Cyber Security and Governance, Risk, and Compliance.
• Professional-level knowledge in GRC frameworks and risk management assessments.
• Strong hands-on experience with compliance technologies and risk management tools.
• Relevant industry certifications (e.g., CISSP, CISM, CRISC, or ISO 27001).
• Ideally, You’ll Also Have:
• Strong interpersonal skills and the ability to build relationships with clients and team members.
• Experience working in a consulting environment, with a focus on delivering value to clients.
• A proactive approach to identifying and addressing compliance challenges.

What We Look For:

• Professionals with strong technical acumen, a consulting mindset, and enthusiasm to learn in a fast-paced environment.
• Ability to lead cyber consulting discussions with SMEs and senior client stakeholders.
• Experience in RFP responses, proposal building, effort estimation, and go-to-market activities is a plus.

: Associate Vice President-TMT-SaT-SaT - TCF - Financial Diligence - New Delhi

SaT - TCF - Financial Diligence :

Whether clients are preserving, optimizing, raising or investing, our Connected Capital Solutions (CCS) are our five go-to-market offerings that help drive competitive advantage and increased returns through improved decision-making. The CCS include Strategy, Corporate Finance, Buy and Integrate, Sell and Separate and Reshaping Results, and are underpinned by our Connected Capital Technologies.

Chartered Accountant with good academic background with 5-9 years of relevant post-
qualification experience

Chartered Accountant with good academic background with 5-9 years of relevant post-
qualification experience

People with the ability to work in a collaborative manner to provide services across multiple client departments while following the commercial and legal requirements. You will need a practical approach to solving issues and complex problems with the ability to deliver insightful and practical solutions. We look for people who are agile, curious, mindful, and able to sustain positive energy, while being adaptable and creative in their approach.If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Your Key Responsibilities:

• Lead the design, implementation, and management of IAM solutions, ensuring they meet security standards and business requirements.
• Collaborate with clients to assess their IAM needs and develop tailored solutions that enhance security and compliance.
• Oversee the integration of IAM systems with existing IT infrastructure, ensuring seamless functionality and user experience.
• Conduct risk assessments and audits related to IAM processes and controls, providing recommendations for improvements.
• Stay current with IAM trends, technologies, and best practices to ensure our solutions remain competitive and effective.
• Mentor and guide junior team members, fostering a culture of continuous learning and professional development.
• Drive discussions with senior stakeholders to align IAM strategies with business objectives and regulatory requirements.
• Develop and deliver training sessions on IAM best practices and technologies for clients and internal teams.
• Implement Zero Trust Architecture principles in IAM solutions to enhance security posture and minimize risk.

Skills and Attributes for Success:

• Proven experience in IAM implementation and management, with a strong understanding of identity governance, access management, and directory services.
• Deep technical knowledge of IAM technologies, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Privileged Access Management (PAM).
• Strong understanding of Zero Trust Architecture and its application in IAM Implementation and Cyber Consulting.
• Excellent analytical and problem-solving skills, with the ability to assess complex security challenges and develop effective solutions.
• Excellent communication skills, both verbal and written, with the ability to engage effectively with technical and non-technical stakeholders.
• Ability to manage multiple projects simultaneously and adapt to changing priorities in a fast-paced environment.
• Experience in project management methodologies and tools, with a focus on delivering high-quality results on time and within budget.

To Qualify for the Role, You Must Have:

• 8-12 years of experience in Information Technology, with a specialization in Cyber Security and IAM roles.
• Professional-level knowledge in IAM frameworks and technologies, including but not limited to Azure AD, Okta, and SailPoint.
• Experience in conducting security assessments and audits related to IAM processes.
• Relevant industry certifications (e.g., CISSP, CISM, or IAM-specific certifications).
• Experience in Zero Trust Security Strategy and Implementation.

Ideally, You’ll Also Have:

• Strong interpersonal skills and the ability to build relationships with clients and team members.
• Experience working in a consulting environment, with a focus on delivering value to clients.
• A proactive approach to identifying and addressing security challenges.

What We Look For:

• Professionals with strong technical acumen, consulting mindset, and enthusiasm to learn in a fast-paced environment.
• Ability to lead cyber consulting discussions with SMEs and senior client stakeholders.
• Experience in RFP responses, proposal building, effort estimation, and go-to-market activities is a plus.

Security Technology - Cloud Security Engineer

We are looking for a Cloud Security Engineer, who will become part of our Security Technology Services Engineering team. In this role you will be involved in managing and coordinating activities related to cloud technologies, business drivers, and most importantly, security posture. In this role you will have the opportunity to work alongside like-minded individuals, stand up new technologies, and coordinate with internal and external groups to ensure the related systems are secure and robust.

Your key Responsibilities

As an individual contributor, you’ll bring your engineering expertise into efforts which introduce new technologies and upgrade existing ones. Active project participation in new or integrated technologies as the Subject Matter Expert for the Information Security use cases pertaining to Cloud Security technology. You will be responsible for the design, engineering, implementation, and early life cycle support of systems and services within our EY multi-cloud environments. You will work closely with Teams across EY such as: Security Architects, Service Delivery, Security Operations, and Cyber Defense for the enablement of security solutions and services. You will also provide consulting services to other teams and act as a level four contact for operational issues.

• Provide technical oversight of Information Security technologies that fall under the team’s responsibilities, confirming they are operating within agreed service levels and at peak possible performance
• Represent the team in specific Project activities, including Leading projects and managing the activity of others towards successful completion.
• Engineer security solutions and services following all relevant EY standards and practices for On-Premises, Hybrid and Cloud-Based environments.
• Lead the design, implementation, testing of security solutions and services for a large or more complex project to its completion which includes production support and documentation.
• Take accountability for the design, delivery, and maintenance of new and existing security solutions or services, driving compliance with and contributing to the development of relevant standards.
• Apply modern standards/principles, global product-specific guidelines, security standards, design standards, to security solutions and services as appropriate.
• Improve existing security solutions and services in use by partnering with Security Architecture, Service Owners, and Security Operations. Drives automation and innovation across the security solutions supported.
• Work in a diverse, global environment and build strong relationships across all levels of a matrixed, geographically, and culturally dispersed organization.
• Be flexible to work out of regular office hours to accommodate the team and organizational calls and meetings. Weekend or late-night work may occur during project and early life cycle support phases.
• No direct supervision responsibilities though technical leadership required within assigned projects.
• Articulate technology issues/concerns that may emerge at any level of the technical stack, and from any component across the ecosystem, to senior business and technology leaders.

To qualify for the role, you must have

• Hands-on experience and in-depth knowledge in several of the following areas: Cloud services (Azure, GCP, or AWS), cloud resource delivery and management, and security enforcement in cloud environments.
• Hands-on experience with containers and Kubernetes, such as Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), or Elastic Kubernetes Service (EKS), as well as serverless container platforms such as Azure Container Apps (ACA), Azure Container Instances (ACI), AWS Fargate, etc.
• Proficiency in scripting with PowerShell, Bash, Python, or similar languages.
• 4+ years of experience in Security, with a strong focus on cloud or container security.
• Proven track record of working with a team as well as managing projects and initiatives.
• Proficiency with change control management processes.
• The ability and desire to train and mentor staff in technical process and best practices.
• Extensive experience working in large, global, and virtual environments.
• Strong English language skills, both written and verbal.

Ideally, you’ll also have

• Hands-on experience with container security platforms such as AquaSec Platform & Trivy.
• Experience or awareness of observability & operation telemetry platforms, such as Azure Log Analytics Workspace, Grafana, Logstash, etc.
• Experience working with automation and workflow orchestration services, such as Logic Apps/PowerAutomate, n8n, etc
• Relevant certifications in cloud administration, engineering, or security (e.g., Azure, GCP, AWS).
• Security certifications such as GSEC, CISSP, or equivalents from ISC2 or GIAC.
• Project management experience and familiarity with service introduction and readiness processes.
• Proficiency with DevOps CI/CD tools, such as Azure Pipelines, GitHub Actions, or AWS CodePipelines.
• Familiarity with hybrid cloud architectures and connectivity solutions like Azure ARC, AWS Direct Connect, and Azure ExpressRoute.
• Expertise in Infrastructure as Code (IAC) and automation tools such as Terraform, Puppet, Chef, Azure DSC, or AutoManage.

What we look for

• This role is perfect for you, if you have excellent problem solving, decision making and communication skills.
• We are looking for people who are comfortable working with culturally diverse on/offshore team members, able to react appropriately during stressful and ambiguous situations, and drive efforts to successful and timely completion.

What we offer:

As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer:

• Continuous learning: You will develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way.
• Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs

Key responsibilities include:

• Support and implement strategic plans for the Global Information Security Ambassador Program, aligning with the company’s overall information security objectives.
• Design and facilitate comprehensive training programs for Ambassadors, ensuring they are equipped with the necessary knowledge and skills.
• Collaborate with communication and talent development teams across different locations to integrate and facilitate information security activities locally.
• Oversee the delivery of processes, solutions, and/or projects with a focus on quality and effective risk and security awareness management.
• Contribute to continuous process improvement, identify innovative solutions through research and analysis, and apply best practices.
• Support the Program Leader in coordinating the activities of program members.
• Foster collaboration with TARP and other Information Security departments.
• Propose solution to challenges in scaling the program, such as tracking and measuring Ambassador contributions and impact.
• Recommend solutions for expanding the program’s reach and integrating new security domains.
• Engage with internal stakeholders (Information Security Team, IT, business leaders, regional communication/talent teams) and external stakeholders (industry peers, regulatory bodies).

Skills and attributes for success

• Strong communication skills, with the ability to clearly convey information and facilitate discussions with diverse groups.
• Program management skills, including process analysis, improvement, and project management in a global, multicultural environment.
• Understanding of information security principles, training methodologies, and creative communication strategies.
• Familiarity with security frameworks and standards such as IEC/ISO 27000, NIST, and GDPR.
• Analytical and problem-solving skills, including the ability to automate processes for activity tracking and dashboard reporting.
• Ability to collaborate effectively with both internal and external stakeholders.

To qualify for the role, you must have

• 5 or more years of experience in the Information Technology, Information Security and/or IT Risk Management field(s).
• Experience in program management, preferably in a global or multicultural context.
• Strong communication and group engagement skills.
• Understanding of key security frameworks and regulations governing data protection and information security practices.
• Ability to analyze and improve processes and manage projects.
• Experience working with cross-functional teams.
• Attained or desire to attain one or more of the following certifications:
  • CSAP (Certified Security Awareness Practitioner)
  • SSAP (SANS Security Awareness Professional)
  • Certified Information Systems Security Processional (CISSP)
  • Certified Risk and Information Systems Control (CRISC)
  • Certified Information Security Manager (CISM)
  • Certified Information System Auditor (CISA)

Ideally, you’ll also have

• Familiarity with the organization’s structure, business units, and strategic objectives to align security initiatives with organizational goals.
• Awareness of client expectations, industry trends, and best practices in information security awareness.
• Experience with automating activity tracking and dashboard reporting.
• Excellent interpersonal, communication and presentation skills.
• Good time management, organizational, and decision-making skills.

What we look for

A proactive, collaborative, and innovative professional who can drive the strategic growth, training, and operational support of the Security Ambassador Program. Someone who can address challenges in scaling and supporting a global network of Ambassadors (currently 200+ across 45+ countries). A candidate who is committed to maintaining high standards of quality and support, and who can help foster a strong security culture within the organization.

What we offer

As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial, and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer:

• Continuous learning: You will develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way.
• Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs.

Risk Consulting - Manager - Digital Risk - SAP Security

As part of our Risk Consulting – Digital Risk team, you will be part of the team delivering SAP Security reviews and audit services for various clients across the MENA region. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also involve in identifying potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team.

Your key responsibilities

• Manage and lead a team of staff and seniors on SAP Security control review projects, ensuring adherence to project timelines and quality standards.
• Leading the team members with the SAP related queries, latest updates on relevant applicable standards.
• Preparing and sharing the proposal & pursuits for SAP engagements.
• Regular connects with onshore counterparts to ensure the deliverables are meeting expectations & standards, creating opportunities basis skill sets.
• Perform control testing for both ITAC & ITGC as per the client scope and requirement.
• Contribute to the Risk Consulting team as a key member and assist with facilitating practice wide training (SAP Security/ SAP IT Control testing /SoD reviews/SAP Pre & Post Implementation) curriculum.
• Work closely with onshore, cross-functional teams and develop strong relationships across the organization, especially with Onsite team.
• Stay updated with and promote awareness of updated ERP versions & its functionalities, industry best practices.
• Active team member executing project management/ stakeholders’ management (Client, Assurance, onshore)
• Provide quality deliverables with value addition on the engagements and is known as SMR across organization.

Skills and attributes for success

• Candidate must have minimum 8 – 12 years of experience in SAP Security with knowledge of Security controls and IT governance practices.
• Should have completed at least 5-6 Risk & Control engagements covering pre-& post implementation reviews, security assessments, control design and testing for SAP ECC and/or S4 HANA landscape.
• Perform SAP audits, focusing on system integrity and data accuracy.
• Design and assess SAP S4 controls, identifying gaps and recommending improvements.
• Familiarity with key business process such as Order To Cash, Procure To Pay, and Record To Report and utilize functional knowledge of key business processes to enhance control frameworks.
• Experience in reviewing and testing of SAP S4 Hana / SAP ECC IT general controls (ITGC) for key domains such as access management, change management, computer operations, SDLC (System Development Life Cycle)
• Experience in reviewing and testing SAP S4 Hana / SAP ECC security & configurations such as debugging, client settings, etc.
• Experience in performing pre & post implementation reviews in SAP S4 Hana / SAP ECC environment and have been through S4 Hana/ ECC lifecycle & performing migration testing.
• Knowledge and understanding of the T-Code, tables used to extract the data from SAP S4 Hana / SAP ECC with relation to review of the security configurations.
• Knowledge and understanding of SAP S4 Hana / SAP ECC user access security architecture (Roles, profiles, Authorization objects)
• Experience in testing of firefighter controls in SAP S4 Hana / SAP ECC and GRC.
• Experience in reviewing and testing the Operating System (OS) and Hana Database (DB) controls in SAP S4 Hana / SAP ECC environment.
• Experience of working with other SAP applications such as GRC, Fiori, BW, BI, Ariba, Concur, Success Factor, VIM, Vistex.
• Experience in evaluation and testing of sensitive access and SOD (Segregation of Duties) across key business and IT process in SAP S4 Hana / SAP ECC and GRC environment.
• Experience in SAP GRC access control (AC) & process control (PC), financial compliance management (FCM).
• Experience in performing the walkthrough (Test of design) directly with the client, Operating Effectiveness and have knowledge of the financial statement’s assertions.
• Experience in reviewing and testing the key reports ensuring the risks (completeness & accuracy) related to IPE’s (Information Produced by Entity) are addressed.
• Knowledge of SAP S4 Hana / SAP ECC standard functionalities in relation to business and IT controls.
• Experience in reviewing and testing the key business process configurations (ITAC’s) in SAP S4 Hana / SAP ECC environment. Having strong knowledge of SAP S4 Hana / SAP ECC configurations (e.g., 3-way match, copy controls) is must.
• Experience in testing of interface controls between multiple systems and middleware controls.
• Knowledge and understanding of common IT governance, control, and assurance industry frameworks, including COBIT and ISACA best practices.

To qualify for the role, you must have

• 8 – 12 years of experience in SAP Security, SoD review experience and IT Application control reviews/audit.
• Excellent project management, time management, managerial and leadership skills.
• Proven experience in SAP Risk and Controls projects.
• Strong SAP Functional & Technical controls understanding of SAP ECC & S4 HANA environments.
• Ability to communicate complex ideas effectively, both verbally and in writing.
• Good to have exposure in SAP Basis testing & SAP ITGC testing will be preferable
• Candidate with professional consulting experience in technology risk management ideally with a Big 4 or similar large consulting firm will be preferred.

Ideally, you’ll also have

• A bachelor's or master's degree (B.TECH/B.E/M.TECH/MBA-Finance)
• SAP S4 Hana / SAP ECC functional modules/ ABAP/ Security Certification (Preferred)
• CISA certified (Preferred)
• ISO 27001:2013 certified (Preferred)
• Any other relevant certification (Preferred)
• Excellent communication skills with consulting experience preferred
• A valid passport for travel.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

• Lead multi-workstream delivery across Workforce Transformation, L&D, OCM, and Organization Design.
• Ensure consistent application of EY’s consulting playbook, frameworks, and methodologies.
• Drive operational excellence, standardization, and scalability across engagements.
• Monitor KPIs, SLAs, and client satisfaction metrics across branches.

Strategic Execution

• Integrate AI into service offerings (e.g., AI-enabled coaching, proposal development, change agents).
• Support MENA integration through boot camps, cadence calls, and joint pursuits.
• Drive sector specialization via account-centricity programs and competency badges.
• Develop and deliver managed service engagements and reusable assets.
• Build bilingual and AI-ready teams to serve diverse client bases.

Stakeholder Engagement

• Act as a trusted advisor to clients, translating strategic goals into actionable consulting solutions.
• Lead stakeholder engagement, change readiness assessments, and communication planning.
• Support RFP pursuits and proposal development, leveraging AI and design thinking.

Practice Development And Innovation

• Champion digital learning, systems thinking, and innovative change management approaches.
• Lead capability building initiatives, including Train-the-Trainer programs and internal knowledge sharing.
• Develop PoVs, job evaluation tools, and leadership assessment frameworks.

People And Project Management

• Manage cross-functional teams across geographies, ensuring effective collaboration and delivery.
• Mentor and coach team members, fostering a high-performance culture.
• Oversee project budgets, timelines, and resource allocation.

Skills And Attributes for Success

• Proven experience in managing multi-stream consulting projects across HR, L&D, OCM, Org Design, and Workforce Transformation.
• Strong understanding of operating model design, strategic workforce planning, and competency frameworks.
• Excellent stakeholder management, communication, and facilitation skills.
• Strategic thinker with a pragmatic approach to problem-solving and delivery excellence.
• Experience in global consulting environments and managing complex transformation programs.

Qualifications

• Bachelor’s/Master’s degree in HR, Organizational Psychology, Business, or related field.
• 12–15 years of experience in People Consulting, with at least 5 years in a leadership role.
• Experience in managing global teams and delivering transformation programs.

Preferred Certifications

• PROSCI Change Management
• PMP / Prince2
• CPLP / Instructional Design
• Agile / Scrum (preferred)
• Lean Six Sigma (Green Belt desirable)
• - SHRM / CIPD / OD-related certifications