Analyst at Ernst & Young
Views:3307 Applications:95 Rec. Actions:Recruiter Actions:52
EY - Third Party Risk Assessment Role (2-8 yrs)
We have an opportunity across levels in our Risk Advisory Service Line. Required skills include Third Party Risk Assessments, Infrastructure / Application Security, IT Audit, Vulnerability Assessment, Penetration Testing, Cloud Security, Identity & Access Management, Information Risk Management etc.
Brief role description
As a part of IT Risk and Assurance, you'll actively establish, maintain and strengthen internal and external relationships. With the guidance of partners, directors and senior managers, you'll identify potential business opportunities for Ernst & Young. Drawing on your knowledge and experience, you'll provide innovative commercial insights for clients, adapt methods and practices to fit operational team and cultural needs and contribute to thought leadership.
You'll actively contribute to improving operational efficiency on projects and internal initiatives. In line with our commitment to quality, you'll consistently drive projects to completion and confirm that work is of high quality. Your role in leading teams or parts of teams on engagements will depend on the size of the engagement. When working on engagements, you'll report to higher levels of management, who will expect you to anticipate and identify risks, and raise any issues with them as appropriate.
As an influential member of the team, you- ll help to create a positive learning culture, coach and counsel junior team members and help them to develop.
- Effectively liaise with clients and manage stakeholder expectations.
- Identification of issues, risks, opportunities and improvement of policies, processes, procedures and standards.
- Documenting Information security risk in relation to Technologies, People and Process.
- Ability to map business requirement to technical specifications.
- Identifying Information Security compensating controls or alternate controls in case primary control requirements are not met.
- Assisting Vendor risk management process from Information Security point of view.
- Raising risk findings with stakeholders and recording it per standardized requirements. Should be able to communicate key risk findings effectively.
- Perform risk treatment discussions with stakeholders and gain business consensus on risk treatment roadmap.
- Work with client Information Security teams, compliance teams, auditing teams, and regulators to identify and document various requirements/obligations and formulate the roadmap for potential program implementations.
Typical Skills include:
- Passionate about learning new market trends in Information Security and the ability to identify applicability in various client environments
- Exceptional written/verbal communication and inter-personal skills
- Excellent documentation and presentation skills
- Strong analytical and creativity skills
- Highly motivated and willing to work in a rapidly evolving environment
- Leadership qualities and positive attitude to succeed
- Passionate and flexible to work in a team and should also be able to adapt to scenarios where projects require working in an independent capacity.
- Experience in Cyber Security domains like Third Party Risk Assessments, Infrastructure / Application Security, IT Audit, Vulnerability Assessment, Penetration Testing, Cloud Security, Identity & Access Management, Information Risk Management etc.
- Understanding of Third-party risk management considerations including cloud implications of utilizing the Third party.
- Knowledge of Data Protection & Privacy related risks associated with Third-Party and relevant control frameworks for Third-party risk management
- B.Tech / B.E / MBA / MCA or equivalent
- Minimum 2 - 8 years of experience in Information Security / Cyber Security
- At least 1 - 3 years of experience in Big 4 / Consulting role is desirable
- Certifications must have: One or more of CISSP, CISA, CISM, CEH, ISO27001
- Certifications desirable: CCSP, CCSK, OSCP
This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.