As Risk Advisory Senior, you’ll contribute technically to Risk transformation client engagements and internal projects. You’ll also identify potential business opportunities for EY within existing engagements, and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team.
Client responsibilities
- Ability to work as a team lead within IT Risk Management (ITRM) projects
- Right attitude towards teaming, ownership, and knowledge sharing
- Work back with the project team to maintain transparency in communication, highlight risks and share mitigation plan
- Ability to visualise and propose solutions to customers based on the requirements shared
- Help prepare reports and schedules that will be delivered to clients and other parties
- Develop and maintain productive working relationships with client personnel
- Planning and monitoring of the project deliverables for the team
- Mentor the project team in executing the project deliverables
- Regular status reporting to the project manager and onsite coordinators
- Demonstrate flexibility to travel to the customer locations / other EY offices, on need basis
- Good documentation and communication skills
People responsibilities
- Conduct performance reviews and contribute to performance feedback for the team
- Foster teamwork, quality culture and lead by example.
- Understand and follow workplace policies and procedures
- Train and mentor the project resources and team members
Mandatory skills requirements
- 5-9 years of experience in the field of IT Security / Information Security / Cyber Security / Cloud Security
- Experience in IT Audits, IT General Controls, IT Attestation (SOC1/SOC2 Reporting), SOX-ITGC, etc.
- Experience in working with IT Risk Management frameworks to identify, analyse, mitigate, monitor and communicate IT risks
- Conduct risk assessments for process, applications, network infrastructure assets, and vendors
- Draft IT/Cyber risk assessment reports including findings, associated risks and recommendations
- Develop Key Risk Indicators (KRIs) and creating dashboards for continuous monitoring of the risks
- Experience in conducting IT controls validation and testing, and identifying control deficiencies
- Develop IT / Information security policies, standards and procedures
- Experience in working with leading industry standards such as NIST-CSF, ISO27001, ITIL, COBIT, PCI-DSS, CSA-CCM, CCSK, ISO27017, etc.
- Experience working on various cloud platforms such as Azure, AWS, GCP, etc. would be a plus
- Well versed with the security design concepts and should be able to drive discussions for IT risk management along with the customer
Preferred skills
- Experience in conducting awareness training and workshops on IT Risk Management
- Demonstrated track record with a consulting organization and/or a blue-chip organization
- Demonstrated experience in delivery of engagements and client management
- Relevant professional qualifications such as CA, MBA, MCA, MS
- B.E/B.Tech (Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc. having experience with other Big3 or panelled IT/ ITeS companies.
Certifications (Preferred)
- Relevant professional certifications such as CISA, CISSP, CRISC, ISO27001, ITIL, COBIT, etc.
- Certifications in Cloud platforms such as Azure, AWS, GCP, etc.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.