Risk Consulting Digital Risk Senior Cyber

Job description - Senior Cybersecurity (Risk Consulting Digital Risk)

Requisition ID -

EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. At EY GDS youll have the chance to build a career as unique as you are with global scale support inclusive culture and technology to become the best version of you. And were counting on your unique voice and perspective to help EY GDS become even better too. Join us and build an exceptional experience for yourself and a better working world for all.

The opportunity

The objective of our risk consulting services is to provide clients with a candid and reliable overview of their risk landscape. Our solutions can be used by our clients to build confidence and trust with their customers the overall market and when required by regulation or contract.

For our Cyber Risk services the ideal candidate will support engagements focused on testing and validating cybersecurity controls across organizations. This role involves working closely with IT security teams and business units to ensure that organizations cyber risk posture is aligned with their business objectives and regulatory requirements.

Your key responsibilities

• Work closely with client personnel to analyze risk landscapes and information systems leveraging technical expertise to identify strategic and tactical improvement opportunities.
• Collaborate with engagement teams to plan engagements develop work programs timelines risk assessments and testing procedures.
• Serve as a fieldwork leader by directing daily testing activities informing supervisors of engagement status and managing staff performance.
• Support cyber monitoring and response activities using tools such as CrowdStrike Splunk and Microsoft Sentinel.
• Apply a strong understanding of NIST CSF 2.0 in testing execution and reporting.
• Prepare detailed reports and recommendations aligned with US work product quality standards.

Skills and attributes for success

• Strong fundamentals across the cybersecurity domain including cyber risk management cyber resilience and security policies and procedures.
• Proven experience performing engagements across strategy and governance audits risk assessments and maturity assessments.
• Strong audit mindset with the ability to design execute and evidence control testing across cyber and IT domains; OT exposure is a plus.
• Proven ability to lead multi-location teams manage risks and deliver high-quality outcomes within agreed timelines and budgets.
• Strong written and verbal communication skills in English (non-negotiable).
• Ability to manage time effectively and work in US time zones.
• Ability to inspire teamwork accountability and responsibility within engagement teams.
• Ability to align cyber and cloud security controls with frameworks and standards such as ISO 27001 NIST CSF SOC 2 PCI DSS and privacy expectations.
• Strong written and verbal communication skills in English (non-negotiable).
• Ability to follow defined methodologies instructions and testing procedures.
• Ability to complete assigned tasks within agreed timelines and quality expectations.
• Good understanding of network security (firewalls SD-WAN familiarity with Vectra AI) is a plus.
• Good understanding of cloud security across Azure AWS and GCP is a plus.

To qualify for the role you must have.

• A bachelors degree in Information Technology Cybersecurity Risk Management or a related field
• Proven 36 years of experience in cybersecurity testing or risk assessment.
• Certifications: ISO 27001:2022 CISM CISA CCNA are a plus.
• Familiarity with regulatory frameworks and compliance standards including ISO 27001 ISO 27017 ISO 42001 NIST CSF

Ideally youll also have

Certifications such as CISA CISSP or AWS/Azure/GCP security certifications are preferred.