Expoint - all jobs in one place

The point where experts and best companies meet

Limitless High-tech career opportunities - Expoint

EY Senior Cloud Risk Financial Services 
India, Karnataka, Bengaluru 
9649626

17.07.2024

Job Summary

Cloud Risk focuses on proactively identifying and managing risks across the cloud environment in real-time, to enable business functionality and provide operational stability. Bringing Cloud Risk to life requires actions beyond refining existing Cloud methodologies and operating models. In this role, you will advise clients in identifying and managing Cloud security risks to their IT environments. You’ll also identify potential business opportunities for EY within existing engagements and enable new wins.

Responsibilities

  • Develop an understanding of client’s cloud architecture and platforms, current transformation efforts, process execution, and/or culture and skillsets across competencies including, but not limited to Technology and Data Public and Hybrid Cloud Technologies, Data Governance, Tech Transformation, and Path to Production/Tech Change Management.
  • Understand the implications that are driving the increased level of risk for each identified risk contributor; consider risk impacts that directly affect the client’s desired target state and how these risks can be mitigated using a combination of technology and process enhancements.
  • Develop a strategy to Derisk the Cloud environment across current risk contributors; identify interaction points between the Derisk IT strategy and current IT and risk strategies; prioritize any elements of the strategy that introduce new risks.
  • Establish Cloud process, risk, and control metrics that prioritize high-risk services and capabilities and are designed to be monitored, ensuring risk reduction can be accurately measured in real time
  • Lead risk assessments and control testing for applications and workloads being migrated to Cloud, to identify potential security risks and compliance gaps.
  • Ensure that cloud services adhere to applicable laws, regulations, and industry standards (e.g., GDPR, PCI-DSS, ISO/IEC 27001, NIST).

People responsibilities

  • Foster teamwork, quality culture and lead by example.
  • Train and mentor, the project resources and team members
  • Right attitude towards teaming, ownership, and knowledge sharing
  • Prepare reports and schedules that will be delivered to clients and other parties.
  • Develop and maintain productive working relationships with client personnel.
  • Planning and monitoring of the project deliverables for the team
  • Mentor the project team in executing the project deliverables.
  • Regular status reporting to the project manager and onsite coordinators
  • Good verbal and written communication skills

Mandatory skills requirements

  • 3-8 years of experience in the field of technology and technology risk management
  • Ability to identify risks within IT and business processes and design appropriate controls to mitigate risks
  • Experience in various IT service management, change management and application development tools (e.g. JIRA, GitHub, etc.)
  • Experience of embedding security and privacy controls into information systems design
  • Experience of using key risk indicators and key performance indicators to manage technology infrastructure risks

Preferred skills

  • Strong understanding of the cloud service provider landscape, cloud-native security tools, and features in AWS, Azure, GCP and other cloud providers.
  • Profound knowledge of industry benchmarks and best practices for cloud computing, including the CIS, CSA CCM, FFIEC, FedRAMP, etc.
  • Basic understanding of Generative AI technologies and their implementations across major cloud service providers like Azure, AWS and GCP.
  • Relevant professional qualifications such as M. Tech, MCA, MS, MBA-IT or B.E/B. Tech (Electronics, Electronics & Telecommunications, Comp. Science)

Certifications (Preferred)

  • Relevant professional certifications such as CCSP, CCSK, CISM, CRISC, CISA, etc.
  • Cloud certifications for AWS, Azure and GCP and/or relevant cloud security certifications.
  • Certifications in any tools such as ServiceNow, Jenkins, JIRA, Terraform, GITHUB, etc.



EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.