Manager -Tech Risk Transformation role at EY involves consulting with organizations on defining, managing, and transforming security strategies. Responsibilities include leading cybersecurity engagements, supporting business development, and providing expertise on security frameworks. This full-time, on-site position in Chennai, Tamil Nadu, India requires 8-10 years of cyber strategy experience and relevant certifications.
Job description
The opportunity
EY is looking for experienced Managers who can provide consulting for organisations on how to define, manage and transform their security. This role will see you take a key position in delivering EY’s cyber security strategies for various clients and supporting new pursuits. You will also be expected to take a leading role in building out EY’s cyber strategy and framework working with alliance partners and advise clients on the current market trends.
The role will see you providing consulting as part of large multi-discipline EY engagement teams working on the likes of cyber transformation, leading specific security engagements reviewing a client’s cyber maturity, advising on improvement roadmaps, assessing a client’s compliance with industry leading security practice standards.
Your key responsibilities
A large part of your role will be engagement delivery and provide support to executives for business development. We’ll expect you to lead and deliver cybersecurity engagements focussed on cyber strategy and cyber program management with very minimal supervision. We also expect you to support executives in development of proposals, presentations and other business development activities. You will be responsible for the delivery and quality of the cybersecurity activities to our clients.
You will have responsibility for;
- Contribute in assessing and implementing security and risk standards including ISO 27001, NIST, ITIL, COBIT
- Conduct Information Security Risk Assessment against leading practice frameworks and common standards. Possess systems security skills in assessment, management and reporting.
- Assist client in managing and transforming their Information Security Programs.
- Evaluate and analyze threat, vulnerability, impact and risk to security issues discovered from security assessments.
- Advise clients on the IT security issues, including explanation on the technical details and how they can remediate the vulnerabilities in the systems based on the current state assessment of their security environment
- Lead or commission suitable cybersecurity awareness, training and educational activities
- Lead or commission cybersecurity risk assessments and controls selection activities
- Your role will broadly constitute 80% engagement delivery and 20% business development.
Skills and attributes for success
An existing track record of successful engagement delivery in building cyber security strategy and security roadmap is expected of all candidates for this role. A Big 4 background or comparable consulting experience is highly advantageous. A broad background across security domains is expected with specific experience in two or more of the following areas, essential;
- Knowledge in information security and 8 to 10 years of hands-on experience with key components of cybersecurity consulting:
- Experience in working independently or as part of a large team to delivery Cyber services on its own or within large complex projects.
- Practical experience with conducting risk assessments and testing of controls
- Excellent analytical skills and knowledge of data analytics methods
- Possession of the CISA, ISO 27001 LA/LI certification or equivalent
- Demonstrated leadership abilities
- Performed information security implementation
- Expertise in ISO 27001 and sub-standards
- Good understanding of leading cyber resilience frameworks
- Managed different kinds of continuity exercises and tests
- Conducted cyber-attack simulation exercises
- Ability to review the IT infrastructure and network architecture
- Should be able to drive top management meetings
- Ability to guide team to execute project with top quality
- Mentor and guide team
- Ability to conduct training for audience ranging from end user to top management
- Manage project and ensure quality of deliverables
- Able to conduct continuity review and audits
- Must have flair in understanding new technologies
- Excellent interpersonal, written, verbal, communication, and presentation skills
- Excellent command in written and spoken English
- Experience in managing professional service project teams
To qualify for the role, you must have
- A bachelor's or master's degree B.E/B.Tech/M.Tech
- 8-10 years of experience in cyber strategy and knowledge in Information security
- Certifications ISO 27001/ISO 22301/CISA/CISSP/CRISC
- Excellent communication skills with consulting experience preferred
- Willingness to travel and work from Middle East client locations and in particular Saudi Arabia