Job Views:  
6812
Applications:  47
Recruiter Actions:  0

Posted in

IT & Systems

Job Code

442413

EY - Senior Consultant - Cyber Security - Financial Services

5 - 6 Years.Mumbai
Posted 7 years ago
Posted 7 years ago

Job Description (Senior Consultant - Cyber Security)

Ernst & Young's Financial Services IT Risk & Assurance's Information Security sub-service line provides knowledge in leading practices and methods in the space of information security across the financial services sectors.

This team helps our clients assess, design, implement and maintain a secure and high performance business environment. Services include:

Security strategy : Assess, design and implement a security strategy and governance program framework that describes the process, controls, organization and infrastructure to manage information security related concerns.

Security implementation : Design, implement and integrate security solutions to address enterprise risks and exposures.

Security governance : Design and implement security policies, procedures and standards that describe pragmatic, risk-based mechanisms to maintain the confidentiality, integrity and availability of information systems and the data processed therein.

Security monitoring : Design and implement security solutions to monitor the efficiency and effectiveness of security operations, controls and infrastructure.

Two key themes that span our Information Security sub-service line are Data Protection (DP) and Identity and Access Management (IAM) services.

IT Infrastructure Assessments : Assess the architecture and design of IT Infrastructure set-up, conduct tests for performance, scalability, resiliency/redundancy and capacity and provide recommendations to improve the IT posture.

Ernst & Young is currently seeking a Senior Consultant to become a member of the Information Security sub-service line.

Responsibilities :

- Deliver information security projects as part of an integrated team of Advisory professionals.

- Define technical and business requirements for information security solutions.

- Define information security processes and policies which secure and enable the business.

- Enforce business, privacy and security policies.

- Implement IT and information security related technology products.

- Review, assess, benchmark and develop issue remediation action plans for all aspects of information security programs and technologies.

- Develop information security strategies, architectures and implementation plans.

- Perform basic supervisory duties to mentor and coach junior staff. Develop people through effectively delegating tasks and providing guidance to staff.

- Assign and review the work of more junior employees and assist in the preparation of the final work products in order to confirm the work is performed with the highest quality standards.

- Provide performance feedback and training, and conduct performance reviews.

- Foster an efficient, innovative, and team-oriented work environment.

To qualify, candidates must have :

- A bachelor's degree and approximately 5 -6 years of related work experience

- A degree in computer science, information systems, engineering, or business preferred

- Approximately 2-3 years of related work experience in developing, implementing or architecting information security systems

- A strong understanding of information security regulatory requirements and compliance issues

- Knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection, incident response, security policy creation, enterprise security strategies, architectures and governance

- Understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming/scripting languages (C, Java, Perl, Shell)

- Experience in process definition, workflow design and process mapping

- Demonstrated ability to contribute to the development of client deliverables and technical content

- Advanced written and verbal communications skills

- Excellent leadership and teaming skills

- Demonstrated integrity within a professional environment

- Ability to travel at least 75%

Experience in at least one of the following areas :

- Security Monitoring

- Log monitoring, correlation and analysis

- Privileged access management

- Security operations center - response team, incident handler, management

- Infrastructure Security, Performance & Optimization

- Network Infrastructure set-up and design

- Network Infrastructure design assessments (architecture diagrams, walkthroughs)

- Network performance assessments (testing for network performance, throughput, resiliency, redundancy and capacity)

- Hands-on Networking products and tools like Routers, Switches, Storage Area Network, Load Balancers

- Data Protection

- Data classification

- Email surveillance

- Information boundaries

- Encryption (Whole disk, end-to-end email, key management, database, etc)

- Experience developing DP strategies, architectures and implementation plans

- Identity and access management

- User provisioning process and lifecycle

- Enterprise directory architecture and design

- Role based access control

- Entitlement review and certification

- Entitlement management

- Single sign on

- Identity federation

- Privileged access management

- Experience developing IAM strategies, architectures and implementation plans

Experience implementing and integrating products such as :

Security Monitoring :

- Symantec Security Incident & Event Management

- RSA Envision

- HP Arcsight

Data Protection products :

- Symantec Data Loss Prevention products (formerly Vontu)

- RSA Data Loss Prevention Suite

- Websense

- Titus Labs

- Varonis DatAdvantage and DataPrivilege

Identity and Access Management products :

- Oracle Identity Management

- Sun Identity Manager

- IBM Tivoli Identity Manager

- Aveksa Compliance Manager

- SailPoint IdentityIQ

Additional skills desired :

- Prior Big 4, advisory or system integrator experience

- Ability to identify and resolve complex issues and develop innovative solutions (advisory skills) for the client's business and technology goals

- Working knowledge of relational database management systems such as Oracle, Sybase, and MS SQL Server

- Systems administration experience

- Working knowledge of MS IIS, Apache and Tomcat, WebLogic, or JBoss application servers

- Working knowledge of one or more directories such as Active Directory, IBM Tivoli Directory Server, Oracle Directory Server or Novell eDirectory

- CISSP, CISA, CISM, or GIAC certification is desired; non-certified hires are required to become certified within 1 year from the date of hire.

- Based on an individual's professional background, area of specialization, or industry focus, we recognize that other certifications, credentials, or experience may be more relevant than the listed certifications and therefore may be acceptable substitutes with written consent of Ernst & Young's Americas IT Risk Transformation leadership.

Didn’t find the job appropriate? Report this Job

Job Views:  
6812
Applications:  47
Recruiter Actions:  0

Posted in

IT & Systems

Job Code

442413

UPSKILL YOURSELF

My Learning Centre

Explore CoursesArrow