As a Security Consultant, the individual will provide security guidance to internal IT project teams responsible for delivering ET and Info Sec IT solutions, with a focus on Networking / infrastructure technology. The Security Consultant will identify and prioritize security-related requirements, promote secure-by-default designs and ensure information systems and infrastructure will be secured throughout the system development life cycle (SDLC) in an agile environment.
Skills and attributes for success
- Solid background in IT risk assessments, and knowledge of good security practices and controls used in applications and infrastructure.
- A solid understanding of security and security tools in one or more of the following areas: network, operating systems, databases, encryption, access controls.
- Translate technical vulnerabilities and security risks into business risk terminology for business units and recommend corrective actions to customers and project stakeholders.
- Ability to document and produce meaningful artefacts on risk assessments, engagement Statements of Work, process, minimum security baselines and presentations on security risks.
- Manage customer expectations and deliver quality security consulting services while balancing business objectives with security requirements.
- Ability to partner with technical teams in a practical manner when conflicting interests arise while preserving EY core security principles and policies.
- Ability to proactively lead, own and research security-related subject matters when required to take a position or resolve issues.
- Ability to lead a cross-functional team to facilitate and enhance the understanding of and compliance with security policies.
To qualify for the role, you must have
- A minimum of 8-10 years of experience in an Information Security or Information Technology discipline.
- Working experience in performing security risk assessments for information systems and developing appropriate risk treatment and mitigation options to address security risks identified during security reviews or risk assessments.
- Excellent interpersonal, communication, organizational and project management skills.
- Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
Ideally, you’ll also have
- An SSCP or other (ISC)² designation.
- One or more years of experience with application development, Agile Methodology, DevOps, Continuous Integration / Continuous Delivery, and IoT security.
- Knowledge or experience with cloud services (e.g. Azure, AWS) and security of those cloud services and applications.
- Knowledge of common information security standards and risk analysis methodologies, such as: ISO 27001/27002, NIST, PCI, COBIT, ISF IRAM2, and OWASP.