Expoint – all jobs in one place

EY Cybersecurity Risk Consultant 
Malta, Central Region 
495249671

09.07.2025

Your Key Responsibilities

Your main responsibilities will be:

  • Assist clients in evaluating, enhancing, or developing, and managing their:
    • Cybersecurity program including technology controls, process controls, and governance, technology risk elements.
    • Business Continuity and Disaster Recovery Management programs
    • Data Protection and Privacy
    • Threat and Vulnerability Management programs
    • Security Incident Detection and Response management programs
    • Identity and access management programs
  • Design and implementation of security policies, procedures, standards, and controls in line with regulation and/or current standards (ISO 27001, NIST, SANS, etc.).
  • Implementation of data protection and / or privacy programs to address confidentiality and security of personal data.
  • Serve as a trusted advisor, collaborating closely with clients to understand their unique challenges and providing expert guidance on cybersecurity and risk management.
  • Manage end-to-end delivery of client engagements, from scoping through execution.
  • Assist clients in developing / enhancing their cybersecurity strategies and multi-year implementation roadmaps, in alignment with their risk landscape.
  • Provide support in the design and implementation of cybersecurity governance frameworks and policies.
  • Conduct comprehensive technology risk and controls assessments to identify and prioritize cyber risks and develop risk management strategies to mitigate risks effectively.
  • Assist clients in defining risk appetite and tolerance levels aligned to business objectives.
  • Conduct gap and maturity assessments with relevant standards and frameworks and develop compliance strategies and roadmaps tailored to clients' needs (e.g. DORA, NIS2, ISO 27001, etc.).
  • Collaborate on internal innovation initiatives, contribute to the development of new service offerings and the enhancement of existing service methodologies.

To qualify for the role, you should have:

  • A BSc. degree in Computer Science, Information Technology, Cyber Security, or a related field.
  • An MSc. degree in Information Security, Cyber Security or a related field will be considered an advantage.
  • Up to 3 years of related experience in Information Security / Cybersecurity, with a focus on IT governance and technology risk. Consideration will be given for equivalent combined experience in an IT Risk Management, or Cybersecurity capacity.
  • A professional qualification such as: CISM, CISA, CRISC, CISSP, ISO 27001, or related.
  • Knowledge of general IT and business processes and familiarity with organizational technology landscapes.
  • Understanding of cyber risk assessment and technology risk management, and familiarity with cybersecurity and privacy-related regulatory compliance requirements, industry standards and frameworks (DORA, NIS2, PCI DSS, ISO 27k, etc.), and key technical concepts (e.g., networking, protocols, cloud technologies).

Ideally you should also have:

  • Experience in client service delivery and be able to manage multiple engagement teams and projects.
  • Good project management skills.
  • Experience in coaching and supervising junior team members.
  • A team-player attitude with good communication and interpersonal skills.
  • A creative, independent approach with good problem-solving skills.