EY Senior Information Security Specialist in Shanghai, China
Senior Information Security Specialist
Core Business Services
Requisition # SHA000ZO
Post Date Apr 05, 2018
Join our Core Business Services (CBS) team and you will help support the important business enablement functions that keep our organization running strong. As a CBS professional, you will work across teams to provide the knowledge, resources and tools that help EY deliver exceptional quality service to our clients, win in the marketplace and support EY’s growth and profitability. Major teams within CBS include Finance, Information Technology, Human Resources, Enterprise Support Services, Brand Marketing and Communications, Business Development, Knowledge and Risk Management.
With so many offerings, you have the opportunity to develop your career through a broad scope of engagements, mentoring and formal learning. That’s how we develop outstanding leaders who team to deliver on our promises to all of our stakeholders, and in so doing, play a critical role in building a better working world for our people, for our clients and for our communities. Sound interesting? Well, this is just the beginning. Because whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
Define and provide pragmatic security guidance that balances business benefit and risks.
Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls
Perform risk assessments of information systems and infrastructure
Maintain and enhance the Information Security risk assessment methodology
Define security configuration standards for platforms and technologies
Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit
Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders
Provide knowledge sharing and technical assistance to other team members
Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible portfolios
Knowledge, skills and experience requirements:
Demonstrated integrity in a professional environment
Ability to team well with others to facilitate and enhance the understanding of and compliance with security policies
Ability to work effectively with customers, management, staff members, vendors, and consultants and articulate findings and recommendations
Strong English communication and writing skills are required
Strong judgment and analytical ability
Excellent interpersonal, communication, organizational, and project management skills
Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
Candidates are preferred to hold or be actively pursuing related professional certifications such as CISSP, CISM or CISA
Fluency in multiple APAC languages preferred.
Qualifications, certifications and education requirements:
Bachelor's degree in Computer Science or a related discipline, or equivalent work experience
Advanced degree preferred
Five or more years of experience in an Information Security or Information Technology discipline with demonstrated experience in one or more of the following:
Experience providing and validating security requirements related to information system design and implementation
Experience providing and validating security requirements related to a broad range of operating systems and databases
Experience conducting risk assessments, vulnerability assessments, vendor and third party risk assessments and recommending risk remediation strategies
Experience in the use of tools and methods to identify security exposures and business risks
Knowledge of common information security standards, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT
Familiarity with information system attack methods and vulnerabilities
Working experience with the design and engineering of web-based multi-tier information systems and architecture design
Working experience with web technologies and programming languages
Working experience with operating systems and database platforms
Working experience with mobile applications and mobile enterprise application platforms
Working experience with more than one of these technologies, e.g. Java, .NET, Oracle, SQL, C++, WebSphere, SharePoint, IIS, etc.
Working experience with Cloud solutions.
Who we are
EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service while allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.