דרושים Consultant - Tc Cyber Security Data Prot ב-Ey ב-United States, Atlanta

We are operating in an increasingly connected world that is changing how to manage risk. With fast-paced technology advancements, new innovations within emerging technologies, and an ever-challenging regulatory environment, it is business critical for our organization to identify not only the risks but the opportunities these present to us. As a Data Protection & Privacy Senior Associate, you will support processes within the Ethics, Compliance, and Risk Management (ECRM). Our brand depends on it. It’s all part of our long-term commitment to building a better working world and in return, you can expect plenty of opportunities to take on new responsibilities and develop your career.

Your key responsibilities

As part of the EY Americas Data Protection (Confidentiality, Data Privacy) function, you will maintain visibility over and perform data protection due diligence activities around business processes and processing activities (i.e., Activity Privacy Impact Assessments (APIAs)). You will help to interpret data protection and privacy laws and policies, determine required actions to standard and non-standard situations, and make recommendations based on firm guidance, professional standards, subject matter expertise, and acquired experience.

Skills and attributes for success

• Supports the Compliance function of the Data Protection program as needed, including but not limited to:

• • Conducting data protection due diligence reviews of business processes and data processing activities in order to enable EY compliance with legal/regulatory, EY firm, and EY client data protection and privacy requirements,
  • Developing procedures operationalizing data protection compliance measures, and monitoring and assessing adherence to implemented controls,

• Collaborating with various functions within the organization, such as Talent, Finance, Service Line Quality, and business teams to maintain visibility over evolving and new processing activities and bake in Data Protection compliance measures as appropriate, and
• Creating reports on various data protection compliance activities to be delivered to key program stakeholders, including senior leaders within the organization;
• Assists the Data Risk Management function of the Data Protection program as needed, including but not limited to:

• • Documenting, conducting, and assisting others with investigations of data incidents (i.e., instances of loss, theft, or inappropriate disclosure of confidential/personal information); collaborating with clients, internal functions, and EY service lines to understand root cause, assess impact, and develop remediation plans, and
  • Developing and maintaining EY confidential and personal information inventory, in partnership with EY internal functions and service lines, to understand types of information that require protection and to fulfil data protection regulatory requirements (e.g., Records of Processing Activities (ROPA)).

• Continuously maintains and expands knowledge of field of expertise and communicates new developments and resulting impact to program stakeholders and team members; and
• Participates in various ad-hoc Data Protection and Privacy projects, as needs develop.

To qualify for the role, you must have

• Strong verbal and written communication skills
• Solid understanding of relevant firm business and area wide data protection issues and concerns
• Strong problem-solving skills
• Flexibility and the ability to take the initiative
• Ability to right-size risk
• Strong research skills
• Strong project management skills; ability to successfully handle multiple tasks
• Good working knowledge of information systems and common software packages
• Bachelor’s degree or equivalent work experience; Graduate degree or Juris Doctorate preferred
• 1-4 plus years related experience

Ideally, you’ll have

• Ability to reference existing firm data protection and privacy policies as well as knowledge and experience to review complex situations and assist in proposing solutions
• Strong knowledge of relevant global, national, and local data protection laws, regulations, and standards, as well as familiarity with other risk management initiatives outside of their specific area
• Sound understanding of high-level technology trends and issues surrounding data protection
• Privacy certification from ISACA or the International Association of Privacy Professionals (e.g., CIPP, CIPM, CDPSE, AIGP)

What we look for

We’re interested in people that will be able to right-size risk and recommend creative solutions to complex problems, as well as make significant contributions to complex Risk Management projects.

We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package includes medical and dental coverage, both pension and 401(k) plans, a minimum of 18 days of paid time off with additional time based on your level and years of service plus 12 observed holidays, and a range of programs and benefits designed to support your physical, financial and social well-being.

Full time employment, Monday – Friday, 40 hours per week, 8:30 am – 5:30 pm.

MINIMUM REQUIREMENTS:

Must have a Bachelor’s degree in Computer Science, Management Science, Management Information Systems, Data, Business, Ethics, Law, or a related field and 5 years of progressive, post-baccalaureate related work experience. Alternatively, will accept a Master’s degree in Computer Science, Management Science, Management Information Systems, Data, Business, Ethics, Law, or a related field and 4 years of related work experience.Must have 4 years of work experience in a privacy environment assessing client risk and compliance to Global privacy regulations.Must have 4 years of experience in one or more of the following areas:
· Cybersecurity or privacy assessments;
· Privacy, IT, risk management and cybersecurity policies, standards, procedures and controls;
· Privacy and cybersecurity strategies and roadmaps;
· Privacy and cybersecurity awareness and training; or
· Privacy and cybersecurity metrics and reportingMust have 4 years of experience in security frameworks and standards (ISO 27001/2, PCI DSS, or NIST 800-53) and in the cybersecurity laws and regulations (HIPAA, FISMA, or GLBA)Must have 4 years of combined experience in the following-- Consumer Perception of Data Privacy; Cybersecurity Frameworks and Privacy Management Systems; Cybersecurity Program Transformation; Cybersecurity Risk Management Process; Data Privacy Legal and Compliance Requirements; and Digital TransformationMust have one of the following:
· 3 years of experience in 3 of the following areas:

○ Secure messaging/email encryption
○ Mobile device security
○ Disk, file, device, and database encryption○ Digital Rights Management (DRM)
○ Logging, monitoring, and security event management
○ Artificial intelligence or machine learning (AI/ML)
○ Consent management
○ Data Retention and disposition
○ Secure information storage; OR

· 3 years of experience in at least one of the following regulatory requirements and/or compliance issues affecting clients related to privacy and data protection: Artificial Intelligence, PCI DSS, GLBA, Basel II, EU Data Protection Directive, International Cross Border and United States’ State Data Privacy Laws.Must have 4 years of communicating orally and in writing with client stakeholders.Must have 4 years of experience writing reports on findings and analysis of privacy issues.Must have 2 years of experience in implementation of privacy compliance technologies.Must have 2 years of experience leading teams of cyber security advisory/consulting professionals.Employer will accept any suitable combination of education, training or experience.

What we offer

We offer a comprehensive compensation and benefits package where you’ll be rewarded based on yourperformance and recognized for the value you bring to the business. The base salary for this job is $176,000 per year. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

This particular position at Ernst & Young in the United States requires the qualified candidate to be a "United States worker" as defined by the U.S. Department of Labor regulations at 20 CFR 656.3. You can review this definition at at the bottom of page 750. Please feel free to apply to other positions that do not require you to be a "U.S. worker".

Consulting - Technology Consulting - Cyber Security - Identity & Access Management(IAM) (Manager) (Multiple Positions) (1640021), Ernst & Young U.S. LLP, Atlanta, GA.

Full time employment, Monday – Friday, 40 hours per week, 8:30 am – 5:30 pm.

MINIMUM REQUIREMENTS:

Must have a Bachelor’s degree in Business, Computer Science, Information Systems, Engineering, Data, Management Science, or a related field and 5 years of progressive, post-baccalaureate related work experience. Alternatively, employer will accept a Master’s degree in Business, Computer Science, Information Systems, Engineering, Data, Management Science, or a related field and 4 years of related work experience.Must have 4 years of experience in one or more of the following:• Identity Governance and Administration (IGA). User provisioning and identity management solutions including design or implementation of user provisioning technologies (CA eTrust Admin, IBM Tivoli Identity Manager, Securonix, Saviynt or similar);
• Privileged Access Management (PAM)
• Single Sign-On (SSO) and Federation
• Multi-Factor Authentication (MFA) and Adaptive Authentication
• Role-based access control (RBAC) including design and development of user access roles;
• Directory services products including design or implementation (Radiant Logic);
• Web access control solutions including design and implementation of products; (RSA Cleartrust or CA/Netegrity Siteminder) and analysis of Segregation of Duties.Must have 4 years of consulting experience in Cyber Security and/or Identity Access Management (IAM).Must have 2 years of experience in one or more of the following:• Saviynt, SailPoint IIQ or IDN, Oracle Identity Governance, One Identity, or other user identity lifecycle management solution products or role-based access control solutions;
• Radiant Logic, Virtual Directory, or other directory services products;
• Azure AD, ForgeRock, Ping Identity, OKTA, or other single sign-on, multi-factor and federation solutions;
• BeyondTrust, CyberArk, Thycotic, Centrify, Hashicorp, or other privilege accounts lifecycle management solutions.
• Access control concepts, including access administration, directory services, SAML, LDAP, or PKI.
• Defining or re-engineering IAM related processes, including incident management, change management, and configuration management.
• SAML, SCIM, OAuth, or other integration APIs for IAM technologies.
• RBAC, PBAC, SOD, or risk-based access controls.Must have 2 years of experience presenting to executive level client stakeholders.Must have 2 years of experience managing teams of Cyber Security advisory/consulting professionals.Employer will accept any suitable combination of education, training or experience.

What we offer

We offer a comprehensive compensation and benefits package where you’ll be rewarded based on yourperformance and recognized for the value you bring to the business. The base salary for this job is $206,005.00 per year. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

This particular position at Ernst & Young in the United States requires the qualified candidate to be a "United States worker" as defined by the U.S. Department of Labor regulations at 20 CFR 656.3. You can review this definition at at the bottom of page 750. Please feel free to apply to other positions that do not require you to be a "U.S. worker".

MINIMUM REQUIREMENTS:

Must have a Bachelor's degree in Accounting, Finance, Information Systems, Business Analytics, Computer Science, Statistics or related field and 5 years of progressive, post-baccalaureate related work experience. Alternatively, will accept a Master’s degree in Accounting, Finance, Information Systems, Business Analytics, Computer Science, Statistics or related field and 4 years of related work experience.

Must have 4 years of experience with data analysis including data capture and data transformation; ETL tools including Alteryx and visualization tools including Power BI.

Must have 4 years of experience with analytical tools in one or a combination involving the following: Python, PySpark, Apache Spark, DAX Studio, Tabular Editor, JavaScript, and/or D3.js.

Must have 4 years of experience with developing data visualization dashboards for communication of anomalies, patterns and trends, using tools such as Power BI, Tableau or Spotfire using structured and unstructured data sources.

Must have 2 years of experience with financial business processes including experience working with audit teams and audit clients.

Must have 2 years of project management experience including multiple projects and deadlines.

Must have 2 years of experience with audit data analytics.

Must have 2 years of experience with writing and presenting findings to various stakeholders.

Must have 2 years of experience using database management software, statistical and predictive machine learning software, robotic process automation and AI.

Must have 4 years of experience in cloud computing in one or a combination involving the following: Rack Space, Citrix, Microsoft Azure platform and/or Microsoft Azure Databricks.

Must have 2 years of experience with ERP (Enterprise Resource Planning) specific tools such as SAP or Oracle, and ERP data models.

Requires domestic travel up to 20% in order to serve client needs.

Employer will accept any suitable combination of education, training, or experience.