EY Risk Consulting - Protect Tech Manager Application Security 

India, Karnataka, Bengaluru 

672970907

Key responsibilities

The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you should have following skills added below.

• Perform comprehensive Application Security assessments and collaborate with developers to mitigate vulnerabilities.
• Evaluate software architectures to detect potential threats, craft threat models to illustrate possible attack paths, and prioritize security measures.
• Scrutinize developer-written code for security weaknesses, compliance with coding standards, and alignment with best practices, integrating security throughout the development process.
• Execute a suite of security tests, including static (SAST), dynamic (DAST), and interactive (IAST) analyses, to discover and address application vulnerabilities.
• Provide security training to enhance the team's security awareness.
• In critical security incidents, you'll be instrumental in the investigation, containment, and resolution efforts, working alongside incident response teams.
• Guide application onboarding and support developers through the review process, ensuring a smooth integration into our security framework.
• Develop and refine roadmaps and priorities for our Assurance program, focusing on the security of tools and services.
• Lead teams to develop security guidelines and maintain stakeholder relationships.
• Partner with engineering teams and tool owners to proactively embed the Assurance function earlier in the development cycle.
• Innovate and enhance the Application Risk Assessment program, ensuring continuous improvement.
• Evaluate tools and technologies to identify gaps in data protection and compliance, ensuring adherence to regulatory standards.

To qualify for the role, you must have

• A bachelor’s degree in information technology, Cybersecurity, or Business Management with at least 7 years of experience in product/technical program management, data analysis, or product development, or an equivalent combination of education and experience.
• A minimum of 3 years of experience in managing cross-functional and/or cross-team projects.
• At least 7 years of work experience in technology administration/management, technical risk management, technical risk consulting, and/or software development/engineering.
• Proficiency in coordinating complex process reviews, interpreting results, and clearly articulating findings.
• Possession of at least one relevant industry certification, such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, among others.
• Coding skills ranging from basic to moderate are preferred.
• Prior experience working on an application or service development team is advantageous.
• Excellent written and oral communication skills, with the ability to adjust messaging for different audiences.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.