EY Application Security Architect - EY Global Delivery Services 

Argentina, Autonomous City of Buenos Aires, Buenos Aires 

751797688

As a Security Consultant, the individual will provide security guidance to internal IT project teams responsible for delivering ET and Info Sec IT solutions, with a focus on Networking / infrastructure technology. The Security Consultant will identify and prioritize security-related requirements, promote secure-by-default designs and ensure information systems and infrastructure will be secured throughout the system development life cycle (SDLC) in an agile environment.

Skills and attributes for success

• Solid background in IT risk assessments, and knowledge of good security practices and controls used in applications and infrastructure.
• A solid understanding of security and security tools in 1 or many of the following areas: network, operating systems, databases, encryption, access controls
• Translate technical vulnerabilities and security risks into business risk terminology for business units and recommend corrective actions to customers and project stakeholders.
• Ability to document and produce meaningful artefacts on risk assessments, engagement Statements of Work, process, minimum security baselines and presentations on security risks.
• Manage customer expectations and deliver quality security consulting services while balancing business objectives with security requirements.
• Ability to partner with technical teams in a practical manner when conflicting interests arise while preserving EY core security principles and policies.
• Ability to proactively lead, own and research security related subject matters when required to take a position or resolve issues.
• Ability to lead a cross functional team to facilitate and enhance the understanding & compliance to security policies.

To qualify for the role, you must have

• A minimum of 8-10 years of experience in an Information Security or Information Technology discipline.
• Working experience in performing security risk assessments for information systems and developing appropriate risk treatment and mitigation options to address security risks identified during security reviews or risk assessments.
• Excellent interpersonal, communication, organizational and project management skills.
• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.

Ideally, you’ll also have

• An SSCP or other ISC(2) designation
• One or more years of experience with application development, Agile Methodology, DevOps, Continuous Integration / Continuous Delivery, and IoT security.
• Knowledge or experience with cloud services (e.g. Azure, AWS, etc…) and security of those cloud services and applications.
• Knowledge of common information security standards and risk analysis methodologies, such as: ISO 27001/27002, NIST, PCI, COBIT, ISF IRAM2, and OWASP.