EY GDS Risk Advisory - Cybersecurity Third Party Security Risk Management Associate Consultant in All, Philippines
Title: GDS Risk Advisory - Cybersecurity Third Party Security Risk Management Associate Consultant
Location: PH-All-Taguig City
Job Number: TAG0001V
As many organizations have learned, sometimes the hard way, cyber attacks are no longer a matter of if, but when.
For EY Advisory, a better working world means solving big, complex industry issues and capitalizing on opportunities to help deliver outcomes that grow, optimize and protect our clients' businesses.
Our global mindset and collaborative culture across our diverse team of consultants and industry professionals inspire us to ask better questions about the cybersecurity challenges you face. We then team with you to co-create more innovative answers – to activate a foundation that protects the business as it is today, adapt that foundation as the organization and threats change, and anticipate attacks that may be coming.
Together, we help you deliver better outcomes and long-lasting results, from strategy to execution.
The Cybersecurity Transformation Consultants have primary responsibilities in driving EY’s Third Party Security Risk Management programs, including but not limited to the following: Assessment, Governance, Mitigating Controls and Methodologies. Candidates are expected to work actively on customer projects that involve a wide range of activities in the areas mentioned.
Engage in Cyber Transformation projects and work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on the engagement’s progress
Prepare reports and schedules that will be delivered to clients and other parties
Demonstrate an application- and solution-based approach to problem solving
Review working papers and client folders. Suggest ideas on improving engagement productivity and identify opportunities for improving client service
Manage the engagement budgets and support the development of marketing collateral, business proposals, and new solutions and methodologies
Perform Information Security Risk Management for Critical, High, and Moderate rated third party providers
Design and implement methodology to consolidate and manage vendor inventory, classifications, concentration risk and other key risk indicators
Advise clients on IT security issues, including explaining the technical details and how they can remediate the vulnerabilities in the systems
Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets
Ability to communicate in a clear and concise manner
Ability to prioritize tasks and work accurately under pressure in order to meet deadlines
Proven knowledge of cyber / information security concepts
Experience in vendor security risk management (Risk Assessment, Risk Governance, Mitigation Controls, Risk Methodologies)
Good familiarity with regulatory standards and frameworks such as ISO 27001/2, ISO 22301, ISO 27018, PCI DSS, NIST standards on cybersecurity, HITRUST, FISMA, HIPAA, MAS, ITIL, COBIT, etc.
Proven knowledge and experience with technical requirements gathering, verification/validation planning, compliance assessment and reporting
Certifications: ISO 27001 Lead Auditor and Lead Implementer
1-3 years' work experience
Must be amenable to work in McKinley Hill, Taguig and/or Makati and/or Ortigas