EY GDS Consulting Cyber Security - Strategy Risk 

Philippines, Cebu City 

674757202

• Ensure the delivery of third-party risk management engagements, which involve performing security assessments of the client’s third-party service providers. This involves:
o Performing security assessments of new and existing service providers
o Assessing vendor answers and follow up with vendor directly for questions
o Conducting a risk analysis and assessment of vendor information and documentation against a client’s IT security and data privacy requirementso Defining appropriate risk levels and corrective actions
o Identifying issues and work with vendor to resolve/accept
o Following up on corrective action plans
o Maintaining issues/items tracker and status updates for each vendor review
o Provide risk acceptance and/or risk remediation recommendations
• Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress.
• Execute the engagement requirements, along with review of work by junior team members.
• Help prepare reports and schedules that will be delivered to clients and other parties.
• Develop and maintain productive working relationships with client personnel.
• Build strong internal relationships within EY Consulting Services and with other services across the organization
• Contribute to people related initiatives including recruiting and retaining Cyber Transformation professionals
• Maintain an educational program to continually develop personal skills of staff
• Understand and follow workplace policies and procedures
• Building a quality culture at GDS
• Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members
• Manage the performance management for the direct reportees, as per the organization policies.
• Foster teamwork and lead by example
• Training and mentoring of project resources
• Participating in the organization-wide people initiatives

• Hands-on experience of more than 5 years with key components of cybersecurity including (but not limited to):
o Vendor Risk Management
o Cyber Strategy & Governance, Cyber Transformation, Cyber Dashboarding
o Regulations/standards such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53• Must have experience in working in client facing roles, interacting with the third parties, assessing different kinds of environments (IT and non-IT) and ability to apply cyber security concepts in all these sectors.
• Must have experience in assessing OT infrastructure (PLC, SCADA devices, etc).
• Good understanding of Secure SDLC concepts.
• Hands-on experience in network device (firewalls, routers etc.) configuration review is a plus.
• Should have a good understanding of VAPT process, common application security vulnerabilities, exploitation techniques and remediation measures.
• Good knowledge on Network Security and network architecture diagram reviews, access and perimeter control, vulnerability management and intrusion detection, firewall rule-based reviews.
• Good understanding of logging and monitoring tools (SIEM). Hands-on in any one of the SIEM tools is a plus.
• Must have a good understanding of cryptographic concepts.
• Strong understanding of Cloud Security in (specifically MS Azure.)
o Knowledge in other cloud platforms is a plus.

To qualify for the role, you must have:

• BE - B. Tech / MCA / M. Tech/ MBA with background in computer science and programming.
• Strong Excel and PowerPoint skills.
• Should be proficient in leading medium to large engagements and coach junior staff.

Ideally, you’ll also have

• Project management skills.
• CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer.

What we look for

• A team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills.
• An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide.
• Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

Apply now

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.