'%3e%3cpath d='M15.3069 13.1535H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3cpath d='M15.3069 8.15347H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3cpath d='M15.3069 3.30693H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath id='clip0_126_10407'%3e%3crect width='16' height='16' fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
IT Risk Assurance/Info Sec Audit - Big4
Mumbai- IT internal audit
- Security and technology solutions
- Application risk and controls implementation
- Information security
- Enterprise resource planning
- IT risk management and advisory
- IT effectiveness services
- IT assurance
- IT risk management implementation
- IT risk technology enablement
- Program risk management
- IT GRC (governance, risk and compliance)
- Service organization reporting
- Continuous process monitoring
- Infrastructure risk
- Data management
- Security strategy - Assess, design and implement a security strategy and governance program framework that describes the process, controls, organization and infrastructure to manage information security related concerns.
- Security implementation - Design, implement and integrate security solutions to address enterprise risks and exposures.
- Security governance - Design and implement security policies, procedures and standards that describe pragmatic, risk-based mechanisms to maintain the confidentiality, integrity and availability of information systems and the data processed therein.
- Security monitoring - Design and implement security solutions to monitor the efficiency and effectiveness of security operations, controls and infrastructure.
Two key themes that span our Information Security sub-service line are Data Protection (DP) and Identity and Access Management (IAM) services.
- IT Infrastructure Assessments - Assess the architecture and design of IT Infrastructure set-up, conduct tests for performance, scalability, resiliency/redundancy and capacity and provide recommendations to improve the IT posture.
Ernst & Young is currently seeking a Associate Consultant / Consultant/ Senior Consultant to become a member of the Information Security sub-service line.
Responsibilities:
- Deliver information security projects as part of an integrated team of Advisory professionals.
- Define technical and business requirements for information security solutions.
- Define information security processes and policies which secure and enable the business.
- Enforce business, privacy and security policies.
- Implement IT and information security related technology products.
- Review, assess, benchmark and develop issue remediation action plans for all aspects of information security programs and technologies.
- Develop information security strategies, architectures and implementation plans.
- Perform basic supervisory duties to mentor and coach junior staff. Develop people through effectively delegating tasks and providing guidance to staff. Assign and review the work of more junior employees and assist in the preparation of the final work products in order to confirm the work is performed with the highest quality standards. Provide performance feedback and training, and conduct performance reviews. Foster an efficient, innovative, and team-oriented work environment.
To qualify, candidates must have:
- a bachelor's degree and approximately 2 years of related work experience (Associate Consultant) / 4-5 Years (Consultant)/ 5-10 years (Senior Consultant); or a graduate degree and approximately 2-10 years of related work experience
- a degree in computer science, information systems, engineering, or business preferred
- approximately 1-2 years of related work experience in developing, implementing or architecting information security systems
- a strong understanding of information security regulatory requirements and compliance issues
- knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection, incident response, security policy creation, enterprise security strategies, architectures and governance
- understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming/scripting languages (C, Java, Perl, Shell)
- experience in process definition, workflow design and process mapping
- demonstrated ability to contribute to the development of client deliverables and technical content
- advanced written and verbal communications skills
- excellent leadership and teaming skills
- demonstrated integrity within a professional environment
- ability to travel at least 75%
Experience in at least one of the following areas:
- Security Monitoring
- Log monitoring, correlation and analysis
- Privileged access management
- Security operations center – response team, incident handler, management
- Infrastructure Security, Performance & Optimization
- Network Infrastructure set-up and design
- Network Infrastructure design assessments (architecture diagrams, walkthroughs)
- Network performance assessments (testing for network performance, throughput, resiliency, redundancy and capacity)
- Hands-on Networking products and tools like Routers, Switches, Storage Area Network, Load Balancers
- Data Protection
- Data classification
- Email surveillance
- Information boundaries
- Encryption (Whole disk, end-to-end email, key management, database, etc)
- Experience developing DP strategies, architectures and implementation plans
- Identity and access management
- User provisioning process and lifecycle
- Enterprise directory architecture and design
- Role based access control
- Entitlement review and certification
- Entitlement management
- Single sign on
- Identity federation
- Privileged access management
- Experience developing IAM strategies, architectures and implementation plans
Experience implementing and integrating products such as:
- Security Monitoring
- Symantec Security Incident & Event Management
- RSA Envision
- HP Arcsight
- Data Protection products
- Symantec Data Loss Prevention products (formerly Vontu)
- RSA Data Loss Prevention Suite
- Websense
- Titus Labs
- Varonis DatAdvantage and DataPrivilege
- Identity and Access Management products
- Oracle Identity Management
- Sun Identity Manager
- IBM Tivoli Identity Manager
- Aveksa Compliance Manager
- SailPoint IdentityIQ
Additional skills desired:
- Prior Big 4, advisory or system integrator experience
- Ability to identify and resolve complex issues and develop innovative solutions (advisory skills) for the client's business and technology goals
- Working knowledge of relational database management systems such as Oracle, Sybase, and MS SQL Server
- Systems administration experience
- Working knowledge of MS IIS, Apache and Tomcat, WebLogic, or JBoss application servers
- Working knowledge of one or more directories such as Active Directory, IBM Tivoli Directory Server, Oracle Directory Server or Novell eDirectory
CISSP, CISA, CISM, or GIAC certification is desired; non-certified hires are required to become certified within 1 year from the date of hire. Based on an individual's professional background, area of specialization, or industry focus, we recognize that other certifications, credentials, or experience may be more relevant than the listed certifications and therefore may be acceptable substitutes with written consent of Ernst & Young's Americas IT Risk Transformation leadership.
Didn’t find the job appropriate? Report this Job
'%3e %3cpath d='M24 48C37.2548 48 48 37.2548 48 24C48 10.7452 37.2548 0 24 0C10.7452 0 0 10.7452 0 24C0 37.2548 10.7452 48 24 48Z' fill='%23333333' fill-opacity='0.8'/%3e %3cpath fill-rule='evenodd' clip-rule='evenodd' d='M22.5299 19.0115V19.5849V29.0154V31.5316C22.5299 32.3403 23.1967 33 24.004 33C24.8114 33 25.4784 32.3358 25.4784 31.5316V29.0154V19.5849V19.013L29.4885 23.0077C30.0627 23.5795 31.0044 23.5743 31.5733 23.0077C32.1421 22.441 32.1423 21.4975 31.5735 20.9308L30.1054 19.4684C30.0891 19.4504 30.0724 19.4329 30.0551 19.4156L25.0837 14.4634L25.0479 14.4264C24.9234 14.3024 24.7807 14.2055 24.6281 14.1358L24.5952 14.1212C24.5751 14.1126 24.549 14.1022 24.5286 14.0946C24.0039 13.8983 23.3839 14.0068 22.9622 14.4268L22.9533 14.436L21.4743 15.9093C21.4615 15.9211 21.449 15.933 21.4367 15.9452L16.4286 20.934C15.8598 21.5008 15.8545 22.4389 16.4286 23.0108C17.0027 23.5826 17.9394 23.5827 18.5135 23.0109L20.0019 21.5283C20.0147 21.5164 20.0274 21.5043 20.0399 21.492L22.5299 19.0115ZM24.5952 14.1212C24.5751 14.1126 24.549 14.1022 24.5286 14.0946L24.5952 14.1212Z' fill='white'/%3e %3c/g%3e %3cdefs%3e %3cclipPath id='clip0_99_1825'%3e %3crect width='48' height='48' fill='white'/%3e %3c/clipPath%3e %3c/defs%3e%3c/svg%3e "Scroll Up"){kind=small}