EY Jobs

Job Information

EY Consultor/a Ciberseguridad-Manager (BCN) in Barcelona, Spain

Consultor/a Ciberseguridad-Manager (BCN)


Requisition # BAR0012Y

Post Date May 28, 2020

The world is changing faster and faster than ever. Our Global Promise: "Building a Better

Working World" leads our more than 260,000 employees around the globe and provides the

foundation for the work we do every day. With our innovative services in auditing, tax consulting,

Transaction and management consulting, we lead our clients into the future.

Our Financial Services organization is the only major Big4 Company with functional and

transnational specialization in the financial services sector.

In our advisory services you are active in management and management consulting. We provide

seamless, consistent and high-quality services to our customers around the world.

About the job

Cyber threats, social media, massive data storage, privacy requirements and continuity of the

business as usual require heavy information security measures. As a cybersecurity specialist,

you will guide our clients to strengthen their cyber defenses. At EY, you will belong to an

international connected team of specialists helping our clients with their most complex

information security needs and contributing toward their business resilience. In simple terms,

you know how to use your deep technical experience and apply that to a business where we

need to battle risk and agility.

We will support you with career-long training and coaching to develop your skills. As EY is a

global leading service provider in this space, you will be working with the best of the best in a

collaborative environment. So, whenever you join, however long you stay, the exceptional EY

experience lasts a lifetime.

About you:

You have very good interpersonal skills so that you can manage to interact directly with clients

and understand their needs. Furthermore, you will have good presentation skills as this will be a

key part of your daily activities. Finally, you will need good analytical skills to get the most out of

each project and client.

Joining us you will be able to find a very friendly yet challenging work environment. You will also

have the possibility to learn from some experts in the field to move forward on your career at the

pace you want to set. Based on this training and development of your skills, you will be able to

continuously keep progressing in your career assuming more responsibilities. You will own the

path of your own career.

To qualify for the role, you must have:

A Bachelor (or equivalent certification) in Computer Science, Information Management

Information Security or other comparable technical degree from an accredited college/university


Worked in the industry for at least 5 years and performed risk assessment, cyber control

reviews, compliance audits, and obtained an understanding of penetration testing, Security

Operations, SIEM or other security areas.

A fluency in Spanish and English, or any other language would be an advantage.

As part of the EY cyber security consulting team, you must be able to:

Demonstrate leadership and adaptability, with willingness to readily and voluntarily take

ownership of highly challenging tasks and problems, even beyond initial scope of responsibility.

Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating

System/Application Penetration Testing, Web Application Penetration Testing, Mobile

Application Testing, Social Engineering and Physical Security Testing would be an advantage as


Participate in developing security roadmap, adopt security best practices, and implement new

ideas and innovations according to the industry trends.

Perform security risk assessment, threat analysis and threat modelling, independent reviews of

clients’ security, network, and applications, to be able to Plan/Design/Execute security related

activities and create artefacts.

Develop clear detailed reports and recommendations based on concrete evidence, to debrief

users and provide remediation strategy on findings.

Stay on-time, on-budget, and within scope of testing activities.

Understand and assimilate different points of view and needs of the clients.

Advise IT on current and emerging threats, their attack vectors, and how to mitigate them.

Ideally, you’ll also have:

Experience in assessing an implementing security and risk standards using ISO 27k, PCI DSS,


Systems security skills in assessment, design, architecture, management and reporting.

Experience in application control and security implementation, program and project delivery

design, architecture and solution design, including security controls and architecture design.

Security-related certifications (CISSP, CISA, CEH, CRISK, ISSAP, GSLC, OSCP, OSCE,

GPEN, or GXPN, etc.).