EY Information Security Consultant 

Poland, Lower Silesian Voivodeship 

30832890

Your key responsibilities

This position is an individual contributor capable of supporting multiple project teams in the design, implementation and certification of security controls across IT systems – constituting new platforms/products used with in EY. This requires knowledge of various IT system architecture and technology like Travel solutions, Meeting & Events leaders apps etc hosted in different Cloud environments with mobile apps offerings, as well as supporting technology such as IAM, network security, firewalls, user account management, audit & logging, and other security concepts as outlined in ISO27001, OWASP and related security standards. Also consultants should have knowledge of how to assess 3rd Party security assessments and applicability of SOC1, SOC2 reports and concepts of vendor risk management.

Skills and attributes for success

Significant working security experience (with automation platform is a plus) and knowledge in the design, implementation and operation of security controls in any two or more of the following areas (Application Security & Mobile Security preferable):

• Application Security - Experience with the design of security controls for multi-tier business solutions including the design of application-level access and entitlement management, data tenancy and isolation, encryption, and logging. Working familiarity with REST API and micro services architecture.
• Cloud Security –Technical understanding of virtualization, cloud infrastructure, and public cloud offerings and experience designing security configuration and controls within cloud-based solutions in Microsoft Azure and Azure PAAS services
• Mobile Security –Technical understanding of Mobile Security standards, mobile platforms, mobile testing and experience designing security configuration and controls within mobile device-based solutions. Add-on experience of Mobile app integration with Microsoft InTune plaftform will be an advantage.
• Infrastructure Security – Experience with the integration of common infrastructure security technologies and solutions into business solution architectures including the integration of identity & access management, intrusion detection and prevention, security monitoring, and data encryption solutions.
• Agile & DevOps Methodologies – Experience as a contributing member of a balanced team within an Agile development or DevOps environment.
• Identity and Access Management - Active Directory based Identity and Access Management and Authorization design experience and integration with IDaaS and Federation technologies.

To qualify for the role you must have

• 6+ years of IT industry experience with minimum eight years of relevant experience in Information Security discipline
• A Bachelor's/Master’s degree in Computer Science or a related discipline, or equivalent work experience
• Experiencing in reviewing Mobile applications & platforms, with knowledge of Cloud Environment set up, and knowledge of common information security requirements for such platforms is a plus
• Experience providing and validating security requirements related to information system design and implementation
• Experience providing and validating security requirements related to a broad range of operating systems and databases
• Experience conducting risk assessments, vulnerability assessments, vendor and third party risk assessments and recommending risk remediation strategies
• Experience in the use of tools and methods to identify security exposures and business risks
• Familiarity with information system attack methods and vulnerabilities

Ideally, you’ll may also have

• Candidates are preferred to hold or be actively pursuing related professional certifications such as CISSP, CISM or CISA
• Knowledge of common information security standards, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT
• Working experience with the design and engineering of web-based multi-tier information systems and architecture design
• Working experience with web technologies and programming languages
• Working experience with operating systems and database platforms
• Working experience with mobile applications and mobile enterprise application platforms
• Working experience with more than one of these technologies, i.e. Java, .NET, Oracle, SQL, C++, WebSphere, Sharepoint, IIS, etc.
• Working experience with Cloud & Mobile solutions.

What we look for

• Ability to team well with others to facilitate and enhance the understanding & compliance to security policies
• Ability to work effectively with customers, management, staff members, vendors, and consultants and articulate findings and recommendations
• Strong English communication and writing skills are required
• Strong judgment and analytical ability
• Excellent interpersonal, communication, organizational, and project management skills
• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
• Demonstrated integrity in a professional environment
• Willingness to work in CET timezone, to support US & EU initiatives, being flexible when required

What we offer

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across ten locations – Argentina, China, Hungary, India, the Philippines, Poland, Sri Lanka, Mexico, Spain and the United Kingdom – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

In compliance with the requirements of the Whistleblower Protection Act, our company has established the Procedure for reporting breaches of law and undertaking appropriate follow-up actions. Any misconduct should be reported through the EY Ethics Hotline.