EY GDS Risk Advisory - Cybersecurity Third Party Security Risk Management Associate Consultant in All, Philippines

Title: GDS Risk Advisory - Cybersecurity Third Party Security Risk Management Associate Consultant

Location: PH-All-Taguig City

Job Number: TAG0001V

As many organizations have learned, sometimes the hard way, cyber attacks are no longer a matter of if, but when.

For EY Advisory, a better working world means solving big, complex industry issues and capitalizing on opportunities to help deliver outcomes that grow, optimize and protect our clients' businesses.

Our global mindset and collaborative culture across our diverse team of consultants and industry professionals inspire us to ask better questions about the cybersecurity challenges you face. We then team with you to co-create more innovative answers – to activate a foundation that protects the business as it is today, adapt that foundation as the organization and threats change, and anticipate attacks that may be coming.

Together, we help you deliver better outcomes and long-lasting results, from strategy to execution.


The Cybersecurity Transformation Consultants have primary responsibilities in driving EY’s Third Party Security Risk Management programs, including but not limited to the following: Assessment, Governance, Mitigating Controls and Methodologies. Candidates are expected to work actively on customer projects, which involve a wide range of activities in the areas mentioned.

  • Engage in Cyber Transformation projects and work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on the engagement’s progress

  • Prepare reports and schedules that will be delivered to clients and other parties

  • Demonstrate an application- and solution-based approach to problem solving

  • Review working papers and client folders. Suggest ideas on improving engagement productivity and identify opportunities for improving client service

  • Manage the engagement budgets and support the development of marketing collateral, business proposals and new solutions / methodologies

  • Perform Information Security Risk Management for Critical, High, and Moderate rated third party providers

  • Design and implement methodology to consolidate and manage vendor inventory, classifications, concentration risk and other key risk indicators

  • Advise clients on IT security issues, including explaining the technical details and how they can remediate the vulnerabilities in the systems

  • Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets

  • Ability to communicate in a clear and concise manner

  • Ability to prioritize tasks and work accurately under pressure in order to meet deadlines

Required Skills:

  • Proven knowledge of cyber / information security concepts

  • Experience in vendor security risk management (Risk Assessment, Risk Governance, Mitigation Controls, Risk Methodologies)

  • Good familiarity with regulatory standards and frameworks such as ISO 27001/2, ISO 22301, ISO 27018, PCI DSS, NIST standards on Cyber Security, HITRUST, FISMA, HIPAA, MAS, ITIL, COBIT etc.

Preferred Skills:

  • Proven knowledge and experience with technical requirements gathering, verification/validation planning, compliance assessment and reporting

  • Certifications: ISO 27001 Lead Auditor and Lead Implementer


  • Bachelor's Degree

  • 1-3 years' work experience

  • Must be amenable to work in McKinley Hill, Taguig and/or Makati and/or Ortigas