Security Consulting Lead - other related Employment listings - Secaucus, NJ at Geebo

Security Consulting Lead

Company Name: Arca24.com
Salary period: Annual
Job Summary:
As a Security Consulting Lead within EY's internal Global Information Security team, the individual will be a trusted security advisor to an internal multi-year program responsible for delivering ERP and CRM solutions to EY. This individual will oversee a team of Security Consultants who will provide security guidance, identify and prioritize security-related requirements, define security architectures in coordination with domain architects, promote secure-by-default designs, and facilitate delivery of information security services throughout the system development life cycle (SDLC). The Security Consulting Lead will also direct consultants in developing appropriate risk treatment and mitigation options to address security vulnerabilities, and in translating these vulnerabilities into business risk terminology for communication to business stakeholders.
Essential functions of the job:
Define and provide pragmatic security guidance that balances business benefit and risks
Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls
Perform risk assessments of information systems and infrastructure
Maintain and enhance the Information Security risk assessment methodology
Define security configuration standards for platforms and technologies
Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit
Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders
Provide knowledge sharing and technical assistance to other team members
Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible portfolios
Supervision Responsibilities:
Responsible for the selection and performance management of staff members
Plan the training and development of staff to develop their skills and maintain state-of-the-art knowledge in information security
Evaluate, counsel, mentor and provide feedback on performance of others
Direct the daily progress of project work assigned to staff members, report status to management, and manage staff performance
Job Requirements:
Knowledge and skills requirements:
Strategic skills to assist with the development of a long-term vision for the firm's risk management security framework & approach
Ability to appropriately balance firm security needs with business impact & benefit
Ability to facilitate compromise to incrementally advance security strategy and objectives
An overall understanding of the business objectives of EY with an ability to build relationships across EY IT
Ability to team well with others to facilitate and enhance the understanding & compliance to security policies
Experience facilitating meetings with multiple customers and technical staff, including building consensus and mediating compromise
High degree of tolerance for ambiguity
Five or more years of working experience with the architecture, design and engineering of web-based multi-tier information systems or network infrastructures
Experience with security architecture, design and assessment of ERP and CRM solutions
Experience conducting risk assessments, vulnerability assessments, vendor and third-party risk assessments and recommending risk remediation strategies
Experience working with common information security standards, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT
Experience:
Five or more years of experience in the management of a significant Information Security risk management function
10 or more years of experience in an Information Security or Information Technology discipline
Experience in managing the communication of security findings and recommendations to IT project teams and management
Exceptional judgment, tact, and decision-making ability
Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
Outstanding management, interpersonal, communication, organizational, and decision-making skills
Ability to understand and integrate cultural differences and motives and to lead cross-cultural teams
Strong English language skills are required
Education:
An advanced degree in Computer Science or a related discipline, or equivalent work experience
Certification requirements:
Candidates are preferred to hold or be actively pursuing related professional certifications within the GIAC family of certifications or CISSP, CISM or CISA
Estimated Salary: $20 to $28 per hour based on qualifications.
