EY-Digital Risk-Information Security Management-Senior

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

EY-Digital Risk – Information Security Management – Senior

As part of our Digital Risk Consulting, you will be a key member of the Digital Risk Team, delivering client engagements in Information Security and IT Security across various industries in the MENA region. This role involves working with diverse clients and collaborating with other consulting service teams.

The opportunity

We’re looking for Senior Consultant with expertise in Information Security Management System (ISMS) framework and IT Security implementation to join our international network of professionals helping our clients transform risk functions and implement solutions in building resilience. This is a unique opportunity for you to bring both functional and technical knowledge, including gaining experience pursuing and leading a wide array of projects. In addition, you will have the ability to develop and foster client relationships at senior levels of an organization, critical to our account centric approach and your personal growth. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering.

Your key responsibilities

• Delivery of project with focus on quality and timeline. Also considering necessary actions to address client expectations
• Perform detailed information security, cybersecurity and IT security risk assessments
• Provide guidance on information security and risk management concepts, cyber governance and cloud security. (ISO 27001, ISO 31000, SANS, CSC NIST etc.)
• Do end to end implementation of ISMS frameworks for large enterprises in alignment with ISO and global standards.
• Developing policies, procedures and guidelines related to security and business continuity.
• Work on Security Governance, Operations and Audit, Information Security Controls, IT General Controls, Security Exception and Deviation, Vendor Security Management, QA/Compliance and Computer Systems Validation.
• Perform IT internal control testing, develop IT internal audit plans, conduct IT audit closure meetings and provide other IT internal audit services for the MENA stakeholders.
• Assess the client’s current state IT internal controls for the client's IT environment and identify IT risks and subsequent recommendations.
• Conduct internal audit, reviews, current state assessments and benchmarking on information security, cybersecurity and IT security
• Working with client personnel to analyse, evaluate and enhance information systems supporting the business processes, and assisting clients and other technology professionals in performing information technology control audits and information technology control implementation engagements

Skills and attributes for success

• Good understanding of ISO 27001
• Demonstrated ability to handle multiple tasks with shifting deadlines and priorities under limited supervision
• Demonstrated ability to interact effectively, internally and externally with all levels across the company including executive management.
• Knowledge of Network Operations Center (NOC)/Security Operations Center (SOC) operations, Cisco VPN/Security Management System IDS, VPN, Firewalls, Vulnerability assessment, Proxy, Mail Gateway, IPS, SIEM
• Understanding of cloud security standards (CSA), BYOD concepts, Technical security solutions, developing security dashboards etc
• Ability to drive effective discussion with senior management.
• Ability to conduct training for audience ranging from end user to top management
• Deliver project and ensure quality of deliverables
• Experience of working in any large IT/ITES or Financial or insurance industry would be advantage
• Knowledge of IT DR, security solutions would be an added advantage
• Understanding and knowledge of latest cyber developments

To qualify for the role, you must have

• A bachelor's or master's degree
• A minimum of 4-10 years of experience in Information Security/Cybersecurity consulting.
• Excellent communication skills with preferred team management role
• A valid passport for travel.

Ideally, you’ll also have

• MBA/ B Tech /B Sc (any stream)
• CISSP, CISA, CRISK, ISO 27001 LI/LA, CCSP, SANS/GIAC
• Privacy certifications (if any)

What working at EY offers

At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY | Building a better working world 

 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.