EY Director, Cyber Security, London in London, United Kingdom
Director, Cyber Security, London
Requisition # LON00D4V
Post Date May 08, 2018
Want to be part of an already market leading Cyber Practice? EY are looking for Cyber Directors to help drive and shape the next wave in our development. Are you up for the challenge?
Cyber Security is one of the most important risks facing businesses today. Systems and processes are becoming increasingly interconnected and automated and many organisations are now reliant upon technology to drive business strategy and growth. As the reliance on technology grows, the risks increase also. For leading companies across all sectors, Cybersecurity is now a critical board agenda item. Our clients are overwhelmingly turning to EY for help and guidance on how to protect their assets,minimisebusiness disruption and improve security as they continue to exploit technology and the Internet of things (IoT).
The threat landscape and challenges facing our clients has changed dramatically over the last few years and so has our EY Cyber practice. With new senior leadership in the UK and EMEIA we are transforming our cyber practice, strengthening our core services, developing new service offerings and changing the way we help our clients. With investment secured, we are now looking for UK Cyber Directors to join the senior leadership team in London. There are genuine opportunities to own and shape and area of our practice and progress through to partner. We are looking for excellent people with the strong cyber experience, excellent market facing skills and the personal drive and passion to help shape and deliver our exciting growth strategy.
Being part of a dynamic, growing organisation offers an exciting career path full of opportunity. EY’s UKI Cyber Practice is part of a global cyber team of over 1000 professionsfocused on developing, selling and delivering leading edge security transformation programmes, cyber threat management, identity and access management, data protection and privacy, and resilience services.
Role and Responsibilities
To be a Director in our UK Cybersecurity practice you will already be a senior and qualified security practitioner. We will expect you to already be operating within another Big 4 or equivalent consulting practice have strong market facing skills and an already proven track record of business development. You will need to proactively identify opportunities, build strong relationships with clients and become their trusted advisor through the delivery of high quality cyber programmes. You will help clients with vary levels of cyber maturity through their entire journey, from assessing and advising, to designing and building transformation programmes and specific security solutions, to implementing and also managing security solutions, often alongside selected market leading vendors.
You’ll already be highly experienced in at least one of our core service offerings listed above and have the knowledge of capability to help our clients in increasingly important areas of cloud security, Industrial control system security, IoT. As businesses are having to change and adapt to emerging technology, so are EY. We’ll therefore expect you to have the capability to contribute to the development of the next wave of security offerings whether these are in robotics, cyber analytics Automation or AI. Existing experience and skills in these area will be an advantage, but the appetite and capability to help develop our services is equally as critical.
At Director level, a large proportion of your time will be meeting with senior stakeholders of leading UK businesses (70%). You therefore be highly motivated, a good communicator you have the ability to convey complex technical content in business language to board level. You’ll also be responsible for managing teams and delivering high quality work (30%) You’ll therefore need to be a team player who is not only looking to enhance their own career, but recognises the value in developing others, acting as mentor and counsellor to strengthening the team.
Experience and Background
Prior director level experience leading client engagements is required as a minimum to apply for this role. A Big 4 background or comparable consulting experience is highly advantageous together although we will consider candidates working in C-suite CIO/CISO positions who have prior consulting experience. The market facing element of the role is essential and therefore candidates without experience of business development across leading UK organisations need not apply for this role. A broad background across security is expected with specific experience in 5 or more of the following areas essential:
Security operations centre strategy, assessment, designing and implementing security operations centre strategy, governance frameworks over processes, controls, organisation and infrastructure to management cyber security
Security transformation programmes – design and management of security operations solutions implementations and / or remediation programmes to address risks across security operations centres including AV, patching, secure build, vulnerability scanning & remediation, logging and monitoring, segregation, threat management, user awareness
Security policies and procedures, design and implementation of security policies, procedures, standards and controls in particular in Managed Security operation centres and in line with regulation and/or current standards, ISO27001, NIST, SANS etc
Designing and delivering identity & access management programmes, including privileged access management (experience of key vendors in this area is an advantage)
Breach and incident management, design and implementation of breach and major incident management practices within EMEIA/ global organisations
Data protection & privacy, including data loss prevention, data and information classification and handling, UK, EU and other jurisdiction data protection regulations, specifically including GDPR
Resilience, design and implementation of programmes to improve IT Disaster Recovery, Business Continuity within managed security operations centres and across the whole estate Security vendor relationship experience in Big 4 or other organisation in support of Managed Cyber as a service offerings
SOC – Industry experience of setting up, developing and implementing a commercial Security Operations Centre
Incident Response – experience managing an IR team, designing IR programs, implementing IR within clients
Cyber Threat Management – experience designing, implementing, and managing Cyber Threat Management frameworks and programmes
Vulnerability Management - experience designing, implementing, and managing Vulnerability Management frameworks and programmes
Cyber Testing - experience designing, implementing, and managing Cyber Penetration Testing programmes
Threat Intelligence - experience designing, implementing, and managing Threat Intelligence programmes
Experience in multiple Security Information Event Management Systems (SIEM)
Strong academic record, to degree level or equivalent industry experience
Security relation qualifications such as CISSP, CISM, CISMP, CISA, ISSMP, ISO27001 lead implementer or auditor, MBCI, IAPP(desirable)
Cyber Analytics, Big data experience (advantageous)
Key sector experience desired
- Government & Public sector / Energy & Utilities / Retail and Consumer products / Life sciences / Telecoms, Media and Technology / Transport
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.
Build your legacy with us.