EY Senior Information Security Specialist in Dalian, China

Senior Information Security Specialist

Core Business Services

Requisition # DAL0056B

Post Date Apr 05, 2018

Join our Core Business Services (CBS) team and you will help support the important business enablement functions that keep our organization running strong. As a CBS professional, you will work across teams to provide the knowledge, resources and tools that help EY deliver exceptional quality service to our clients, win in the marketplace and support EY’s growth and profitability. Major teams within CBS include Finance, Information Technology, Human Resources, Enterprise Support Services, Brand Marketing and Communications, Business Development, Knowledge and Risk Management.

With so many offerings, you have the opportunity to develop your career through a broad scope of engagements, mentoring and formal learning. That’s how we develop outstanding leaders who team to deliver on our promises to all of our stakeholders, and in so doing, play a critical role in building a better working world for our people, for our clients and for our communities. Sound interesting? Well, this is just the beginning. Because whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Key responsibilities:

  • Define and provide pragmatic security guidance that balances business benefit and risks.

  • Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls

  • Perform risk assessments of information systems and infrastructure

  • Maintain and enhance the Information Security risk assessment methodology

  • Define security configuration standards for platforms and technologies

  • Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit

  • Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders

  • Provide knowledge sharing and technical assistance to other team members

  • Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible portfolios

Knowledge, skills and experience requirements:

  • Demonstrated integrity in a professional environment

  • Ability to team well with others to facilitate and enhance the understanding of and compliance with security policies

  • Ability to work effectively with customers, management, staff members, vendors, and consultants and articulate findings and recommendations

  • Strong English communication and writing skills are required

  • Strong judgment and analytical ability

  • Excellent interpersonal, communication, organizational, and project management skills

  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change

  • Candidates are preferred to hold or be actively pursuing related professional certifications such as CISSP, CISM or CISA

  • Fluency in multiple APAC languages preferred.

Qualifications, certifications and education requirements:

Education

  • Bachelor's degree in Computer Science or a related discipline, or equivalent work experience

  • Advanced degree preferred

Experience

  • Five or more years of experience in an Information Security or Information Technology discipline with demonstrated experience in one or more of the following:

  • Experience providing and validating security requirements related to information system design and implementation

  • Experience providing and validating security requirements related to a broad range of operating systems and databases

  • Experience conducting risk assessments, vulnerability assessments, vendor and third party risk assessments and recommending risk remediation strategies

  • Experience in the use of tools and methods to identify security exposures and business risks

  • Knowledge of common information security standards, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT

  • Familiarity with information system attack methods and vulnerabilities

  • Working experience with the design and engineering of web-based multi-tier information systems and architecture design

  • Working experience with web technologies and programming languages

  • Working experience with operating systems and database platforms

  • Working experience with mobile applications and mobile enterprise application platforms

  • Working experience with more than one of these technologies, e.g. Java, .NET, Oracle, SQL, C++, WebSphere, SharePoint, IIS, etc.

  • Working experience with Cloud solutions.

Who we are

EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service while allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.