The point where experts and best companies meet
Share
Job Summary
Cloud Risk focuses on proactively identifying and managing risks across the cloud environment in real-time, to enable business functionality and provide operational stability. Bringing Cloud Risk to life requires actions beyond refining existing Cloud methodologies and operating models. In this role, you will advise clients in identifying and managing Cloud security risks to their IT environments. You’ll also identify potential business opportunities for EY within existing engagements and enable new wins.
Responsibilities
Develop an understanding of client’s cloud architecture and platforms, current transformation efforts, process execution, and/or culture and skillsets across competencies including, but not limited to Technology and Data Public and Hybrid Cloud Technologies, Data Governance, Tech Transformation, and Path to Production/Tech Change Management.
Understand the implications that are driving the increased level of risk for each identified risk contributor; consider risk impacts that directly affect the client’s desired target state and how these risks can be mitigated using a combination of technology and process enhancements.
Develop a strategy to Derisk the Cloud environment across current risk contributors; identify interaction points between the Derisk IT strategy and current IT and risk strategies; prioritize any elements of the strategy that introduce new risks.
Establish Cloud process, risk, and control metrics that prioritize high-risk services and capabilities and are designed to be monitored, ensuring risk reduction can be accurately measured in real time
Lead risk assessments and control testing for applications and workloads being migrated to Cloud, to identify potential security risks and compliance gaps.
Ensure that cloud services adhere to applicable laws, regulations, and industry standards (e.g., GDPR, PCI-DSS, ISO/IEC 27001, NIST).
People responsibilities
Foster teamwork, quality culture and lead by example.
Train and mentor, the project resources and team members
Right attitude towards teaming, ownership, and knowledge sharing
Prepare reports and schedules that will be delivered to clients and other parties.
Develop and maintain productive working relationships with client personnel.
Planning and monitoring of the project deliverables for the team
Mentor the project team in executing the project deliverables.
Regular status reporting to the project manager and onsite coordinators
Good verbal and written communication skills
Mandatory skills requirements
3-8 years of experience in the field of cloud and technology risk management
Ability to identify risks within IT and business processes and design appropriate controls to mitigate cloud risks
Experience in various IT service management, change management and application development tools (e.g. JIRA, GitHub, etc.)
Experience of embedding security and privacy controls into information systems design for Cloud
Experience of using key risk indicators and key performance indicators to manage Cloud risks
Preferred skills
Strong understanding of the cloud service provider landscape, cloud-native security tools, and features in AWS, Azure, GCP and other cloud providers.
Profound knowledge of industry benchmarks and best practices for cloud computing, including the CIS, CSA CCM, FFIEC, FedRAMP, etc.
Basic understanding of Generative AI technologies and their implementations across major cloud service providers like Azure, AWS and GCP.
Relevant professional qualifications such as M. Tech, MCA, MS, MBA-IT or B.E/B. Tech (Electronics, Electronics & Telecommunications, Comp. Science)
Certifications (Preferred)
Relevant professional certifications such as CCSP, CCSK, CISM, CRISC, CISA, etc.
Cloud certifications for AWS, Azure and GCP and/or relevant cloud security certifications.
Certifications in any tools such asServiceNow, Jenkins, JIRA, Terraform, GITHUB, etc.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
These jobs might be a good fit