EY Lead Security Consultant in Alpharetta, Georgia

Title: Lead Security Consultant

Location: US-GA-Alpharetta

Job Number: ALP001FN

Join our Core Business Services (CBS) team and you will help support the important business enablement functions that keep our organization running strong. As a CBS professional, you will work across teams to provide the knowledge, resources and tools that help EY deliver exceptional quality service to our clients, win in the marketplace and support EY’s growth and profitability. Major teams within CBS include Finance, Information Technology, Human Resources, Enterprise Support Services, Brand Marketing and Communications, Business Development, Knowledge and Risk Management.

Job summary

As a Lead Security Consultant within EY’s internal Global Information Security organization, the individual will act as a trusted security advisor to technology organizations supporting EY’s Assurance Service Line. The Lead Security Consultant will manage a global team of security consultants in support of end-to-end delivery of technology solutions supporting a range of EY services including Audit, Financial Account Advisory Services, Fraud Investigation & Discovery Services (FIDS), and Private Client Services.

The Lead Security Consultant will engage in programs and projects, overseeing a team of Security Consultants defining security architectures in coordination with domain architects, providing security guidance, identifying and prioritizing security-related requirements, promoting secure-by-default designs and facilitating delivery of information security services throughout the system development life cycle (SDLC). The Lead Security Consultant will also direct consultants in developing appropriate risk treatment and mitigation options to address security vulnerabilities and in translating these vulnerabilities into business risk terminology for communication to Assurance Client Technology leadership.

Essential functions of the job

• Responsible for the selection and performance management of staff members

• Plan the training and development of staff to develop their skills and maintain state-of-the-art knowledge in information security

• Evaluate, counsel, mentor and provide feedback on performance of others

• Direct the daily progress of project work assigned to staff members, report status to management, and manage staff performance

• Define security architectures and provide pragmatic security guidance that balances business benefit and risks

• Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls

• Perform risk assessments of information systems and infrastructure

• Maintain and enhance the Information Security risk assessment methodology

• Define security configuration standards for platforms and technologies

• Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit

• Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders

• Provide knowledge sharing and technical assistance to other team members

• Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible portfolios

Knowledge and skills requirements

• Strategic skills to assist with the development of a long-term vision for the firm's risk management security framework & approach

• Ability to appropriately balance firm security needs with business impact & benefit

• Ability to facilitate compromise to incrementally advance security strategy and objectives

• An overall understanding of the business objectives of EY with an ability to build relationships across EY IT

• Ability to team well with others to facilitate and enhance the understanding & compliance to security policies

• Experience facilitating meetings with multiple customers and technical staff, including building consensus and mediating compromise

• High degree of tolerance for ambiguity

• Five or more years of working experience with the architecture, design and engineering of web-based multi-tier information systems or network infrastructures

• Experience with security architecture, design and assessment of cloud solutions including hybrid.

• Experience conducting risk assessments, vulnerability assessments, vendor and third party risk assessments and recommending risk remediation strategies

• Experience working with common information security standards, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT

Job Requirements

• An advanced degree in Computer Science or a related discipline, or equivalent work experience

• Five or more years of experience in the management of a significant Information Security risk management function

• 10 or more years of experience in an Information Security or Information Technology discipline

• Experience in managing the communication of security findings and recommendations to IT project teams and senior leadership

• Leading global and virtual teams

• Exceptional judgment, tact, and decision-making ability

• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change

• Outstanding management, interpersonal, communication, organizational, and decision-making skills

• Ability to understand and integrate cultural differences and motives and to lead cross cultural teams

• Strong English language skills are required

Certification requirements

Candidates are preferred to hold or be actively pursuing related professional certifications within the GIAC family of certifications, CISSP, CISM