Cyber Risk and Compliance Consultant - Senior

At EY, you have the opportunity to shape a career that reflects your uniqueness, leveraging global resources, a supportive environment, an inclusive culture, and advanced technology to unleash your full potential. Your distinctive voice and perspective are valued to contribute to EY's continuous improvement. Join us to create an extraordinary journey for yourself and contribute to a more efficient working world for all.

As a Cyber Risk and Compliance Consultant - Senior at EY, each day presents new challenges and diverse responsibilities. Your role involves collaborating with clients and colleagues, focusing on developing security strategies, designing security controls, advising stakeholders, facilitating workshops, and supporting business development initiatives.

Your primary responsibilities include working in domains such as Strategy, Risk, and Compliance within the Cyber Security practice. You will be encouraged to demonstrate leadership and proactivity, gaining valuable experience by engaging with a broad spectrum of EY's prominent clients. Emphasis is placed on maintaining high-quality work standards, fostering personal and professional growth through formal training, hands-on experience, and mentorship.

To excel in this role, you should possess a degree in Information Security, Cyber Security, Information Technology, Informatics, or related technical fields. Your self-motivation to continuously enhance cybersecurity skills, excellent organizational abilities, and effective time management are essential. Strong communication skills, teamwork proficiency across all organizational levels, and a keen interest in information and cyber security domains are critical for success.

Key qualifications include experience in Cyber Governance, Risk & Compliance (GRC), cyber risk assessments, security strategy design and implementation, governance framework development, security policy enforcement, and familiarity with control frameworks such as ISO 27001/27002, COBIT, NIST, and ITIL. Additionally, expertise in conducting security regulatory assessments, preparing assessment reports, and delivering presentations to senior stakeholders are required.

Desirable qualifications include security-related certifications like CISSP, SSCP, CISM, ISO27001 lead implementer or auditor, CompTIA Security+, and experience in Third Party Risk Management (TPRM), vendor risk assessments, and Information Security Management Systems design and implementation.

EY's mission is to build a better working world by creating sustainable value for clients, society, and the capital markets. Leveraging data and technology, EY teams worldwide offer assurance services, aid client growth and transformation, and operate across various professional domains. By asking insightful questions and seeking innovative solutions, EY teams address the complex challenges of today's world with a focus on building trust and driving progress.