EY Senior Security Consultant in Wrocław, Poland

Senior Security Consultant

Core Business Services

Requisition # WRO001RV

Post Date Aug 17, 2018

EY Technology is a global organization that works with our internal clients, to provide IT support and solution to client teams, internal support functions and global projects and programs. Over the next few years, EY GDS Poland will increase the number of IT professionals in its center to develop and support EY’s business and internal applications. These professionals include IT project managers, business analysts, software architects, infrastructure engineers.

EY Technology team maintains and enhances EY’s IT infrastructure and works for our internal clients across the globe. You will work with EY locations, supporting our service lines and key business processes or be part a dedicated IT team handling cross-organizational initiatives and transformational projects.


As Information Security Specialist, the individual will be responsible for providing security guidance to IT project teams responsible for delivering business solutions. The Information Security Specialist will identify and prioritize security-related requirements, promote secure-by-default designs and ensure information systems and infrastructure will be secured throughout system development life cycle (SDLC). The Information Security Specialist will also be expected to perform risk assessments of information systems and infrastructure, develop appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to IT project teams and management. The successful candidate should have solid background in application and/or infrastructure development, broad experience over an array of information security and technical disciplines and be able to provide pragmatic, business-aligned security guidance. The Information Security Specialist will be expected to work on multiple projects and tasks concurrently.

Yourkey responsibilities

  • Define and provide pragmatic securityguidance that balance business benefit and risks.

  • Engage IT project teams throughout theSDLC to identify and prioritize applicable security controls and provideguidance on how to implement these controls

  • Perform risk assessments ofinformation systems and infrastructure

  • Maintain and enhance the InformationSecurity risk assessment methodology

  • Define security configurationstandards for platforms and technologies

  • Develop appropriate risk treatment andmitigation options to address security risks identified during security reviewor audit

  • Translate technical vulnerabilitiesinto business risk terminology for business units and recommend correctiveactions to customers and project stake-holders

  • Provide knowledge sharing andtechnical assistance to other team members

  • Act as Subject Matter Expert (SME) inresponsible technologies and have deep technical understanding of responsibleportfolios

Toqualify for the role you must have

  • Five or moreyears of experience in an Information Security or Information Technologydiscipline with demonstrated experience in one or more the following:

  • Experienceproviding and validating security requirements related to information systemdesign and implementation

  • Experienceproviding and validating security requirements related to a broad range ofoperating systems and databases

  • Experienceconducting risk assessments, vulnerability assessments, vendor and third partyrisk assessments and recommending risk remediation strategies

  • Experiencein the use of tools and methods to identify security exposures and businessrisks

  • Knowledge ofcommon information security standards, such as: ISO 27001/27002, NIST, PCI DSS,ITIL, COBIT

  • Familiaritywith information system attack methods and vulnerabilities

  • Workingexperience with the design and engineering of web-based multi-tier informationsystems and architecture design

  • Workingexperience with web technologies and programming languages

  • Workingexperience with operating systems and database platforms

  • Workingexperience with mobile applications and mobile enterprise application platforms

  • Workingexperience with more than one of these technologies, i.e. Java, .NET, Oracle,SQL, C++, webSphere, Sharepoint, IIS, etc.

  • Workingexperience with Cloud solutions.

  • Demonstratedintegrity in a professional environment

  • Ability toteam well with others to facilitate and enhance the understanding &compliance to security policies

  • Ability towork effectively with customers, management, staff members, vendors, andconsultants and articulate findings and recommendations

  • StrongEnglish communication and writing skills are required

  • Strongjudgment and analytical ability

  • Excellentinterpersonal, communication, organizational, and project management skills

  • Flexibilityto adjust to multiple demands, shifting priorities, ambiguity, and rapid change

Qualifications,certification and education requirements

  • a Bachelor'sdegree in Computer Science or a related discipline, or equivalent workexperience

  • advanceddegree preferred

  • Candidatesare preferred to hold or be actively pursuing related professional certificationssuch as CISSP, CISM or CISA

Whowe look for?

We love working with people who are passionate about their job and have amazing skills in their area a think that: you’re an expert in the field with highly developed business and interpersonal skills, you’re always ready to face new professional challenges, you’re a person with a great sense of humor and you’re open to cross-border experiences; it’s a role for you.

Whatworking at EY GDS offers?

In EY GDS you can count on stable employment and upgrading your career. You will get support and coaching from some of the most engaging colleagues around. You will also find the freedom and flexibility to handle your role in the most beneficial way. We offer a unique development opportunity in an international, multicultural environment. You will join a global team with a unique and diverse culture.

Ifyou feel that the role suits your personal goals and career path, please sendus your current resume.

Joinus in building a better working world.Apply now.