EY Senior Security Consultant in Wrocław, Poland
Senior Security Consultant
Core Business Services
Requisition # WRO001RV
Post Date Aug 17, 2018
EY Technology is a global organization that works with our internal clients, to provide IT support and solution to client teams, internal support functions and global projects and programs. Over the next few years, EY GDS Poland will increase the number of IT professionals in its center to develop and support EY’s business and internal applications. These professionals include IT project managers, business analysts, software architects, infrastructure engineers.
EY Technology team maintains and enhances EY’s IT infrastructure and works for our internal clients across the globe. You will work with EY locations, supporting our service lines and key business processes or be part a dedicated IT team handling cross-organizational initiatives and transformational projects.
As Information Security Specialist, the individual will be responsible for providing security guidance to IT project teams responsible for delivering business solutions. The Information Security Specialist will identify and prioritize security-related requirements, promote secure-by-default designs and ensure information systems and infrastructure will be secured throughout system development life cycle (SDLC). The Information Security Specialist will also be expected to perform risk assessments of information systems and infrastructure, develop appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to IT project teams and management. The successful candidate should have solid background in application and/or infrastructure development, broad experience over an array of information security and technical disciplines and be able to provide pragmatic, business-aligned security guidance. The Information Security Specialist will be expected to work on multiple projects and tasks concurrently.
Define and provide pragmatic securityguidance that balance business benefit and risks.
Engage IT project teams throughout theSDLC to identify and prioritize applicable security controls and provideguidance on how to implement these controls
Perform risk assessments ofinformation systems and infrastructure
Maintain and enhance the InformationSecurity risk assessment methodology
Define security configurationstandards for platforms and technologies
Develop appropriate risk treatment andmitigation options to address security risks identified during security reviewor audit
Translate technical vulnerabilitiesinto business risk terminology for business units and recommend correctiveactions to customers and project stake-holders
Provide knowledge sharing andtechnical assistance to other team members
Act as Subject Matter Expert (SME) inresponsible technologies and have deep technical understanding of responsibleportfolios
Toqualify for the role you must have
Five or moreyears of experience in an Information Security or Information Technologydiscipline with demonstrated experience in one or more the following:
Experienceproviding and validating security requirements related to information systemdesign and implementation
Experienceproviding and validating security requirements related to a broad range ofoperating systems and databases
Experienceconducting risk assessments, vulnerability assessments, vendor and third partyrisk assessments and recommending risk remediation strategies
Experiencein the use of tools and methods to identify security exposures and businessrisks
Knowledge ofcommon information security standards, such as: ISO 27001/27002, NIST, PCI DSS,ITIL, COBIT
Familiaritywith information system attack methods and vulnerabilities
Workingexperience with the design and engineering of web-based multi-tier informationsystems and architecture design
Workingexperience with web technologies and programming languages
Workingexperience with operating systems and database platforms
Workingexperience with mobile applications and mobile enterprise application platforms
Workingexperience with more than one of these technologies, i.e. Java, .NET, Oracle,SQL, C++, webSphere, Sharepoint, IIS, etc.
Workingexperience with Cloud solutions.
Demonstratedintegrity in a professional environment
Ability toteam well with others to facilitate and enhance the understanding &compliance to security policies
Ability towork effectively with customers, management, staff members, vendors, andconsultants and articulate findings and recommendations
StrongEnglish communication and writing skills are required
Strongjudgment and analytical ability
Excellentinterpersonal, communication, organizational, and project management skills
Flexibilityto adjust to multiple demands, shifting priorities, ambiguity, and rapid change
Qualifications,certification and education requirements
a Bachelor'sdegree in Computer Science or a related discipline, or equivalent workexperience
Candidatesare preferred to hold or be actively pursuing related professional certificationssuch as CISSP, CISM or CISA
Whowe look for?
We love working with people who are passionate about their job and have amazing skills in their area a think that: you’re an expert in the field with highly developed business and interpersonal skills, you’re always ready to face new professional challenges, you’re a person with a great sense of humor and you’re open to cross-border experiences; it’s a role for you.
Whatworking at EY GDS offers?
In EY GDS you can count on stable employment and upgrading your career. You will get support and coaching from some of the most engaging colleagues around. You will also find the freedom and flexibility to handle your role in the most beneficial way. We offer a unique development opportunity in an international, multicultural environment. You will join a global team with a unique and diverse culture.
Ifyou feel that the role suits your personal goals and career path, please sendus your current resume.
Joinus in building a better working world.Apply now.