Cyber threats, social media, massive data storage, privacy requirements and continuity of the business as usual require heavy information security measures. As an information security specialist, you will lead the implementation of security solutions for our clients and support the clients in their desire to protect the business. You will belong to an international connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience. You will be working with our Advanced Security Centers to access the most sophisticated tools available to fight against cybercrime.
The opportunity
We will support you with career-long training and coaching to develop your skills. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
Responsibilities:
- You will have responsibility for: - Respond to cyber incidents in crises or urgent situations to mitigate immediate and potential threats. Use mitigation, response and recovery approaches, as needed, to maximize preservation of property, and information security. Investigate and analyze all relevant response activities by collecting forensics evidence and assisting the incident management and incident response lifecycle
- Perform security monitoring and utilize defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network to protect information, information systems, and networks from threats.
- Designing, assessing and implementing technology risk and information security management framework, policies, standards, procedures and solutions such as Enterprise-wide Identity & Access Management (I&AM), Data Loss Prevention (DLP) and Security Information & Event Management (SIEM) solutions, using ISO27001, ISO20000 and CoBIT as the internationally recognized information security and IT service management standards
- Conduct assessments of threats and vulnerabilities; determine deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations.
- You will be expected to take a consultant's approach to the attest / assurance process of a client's operations utilizing our practice methodology to assess our client's operations. You will be responsible for conveying pragmatic solutions to our client's complex business problems through the use of written reports and presentations. The opportunity will be available for you to develop your responsibility in supervising, coaching, developing and leading teams and individual team members.
Requirements
- University degree majoring in accounting, business administration, information systems, computer science, engineering, statistics, accounting, and / or business administration;
- Professional qualifications: CISA, CISM, CISSP, CEH, CISP or other security related qualifications;
- Minimum of 3 years system design / implementation and / or security assessment / IT audit experience with a reputable professional / consulting firm or multi-national corporations; (Candidate with less years of experience will be considered for Senior Associate or Associate positions);
- Practical experience and working knowledge in two or more of the following - business & system processes review, IT auditing, information security management, IT / technology risk management, design and implementation of security solutions such as I&AM, DLP and SIEM, network and system penetration testing, application security testing and code review;
- Familiar with security and control for technologies / enterprise applications: Unix, Windows, Firewall, Routers, SAP, Oracle, Hyperion and/ or evaluating and implementing information security management, IT service management and IT governance framework using ISO27001, ISO20000, ITIL and COBIT respectively;
- Strong fluency in information technology general controls concepts in the areas of systems development, change management, computer operations and access to programs and data; ability to identify and assess business process controls and linkage to IT systems;
- Familiar with security and control for technologies: Unix, Windows, database, Firewall, Router, mobile technologies (e.g., IOS, Android), etc.;
- Excellent communication skills in both oral and written English and Chinese;
- Flexible, self-starter possessing intellectual curiosity;
- Ability to interact with executive levels of client and firm management;
- Effective project management, interpersonal and influencing skills are essential; and
- Flexibility to travel to out-of-town engagements
What we look for
Highly motivated, you will be a good communicator with the ability to contribute confidently to technical security discussions with peers and management. You will be a team player who is not only looking to enhance their own career, but recognizes the value in working well with others and the value of teamwork
What working at EY offers
We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions.
Plus, we offer:
- Support and coaching from some of the most engaging colleagues around
- Opportunities to develop new skills and progress your career
- The freedom and flexibility to handle your role in a way that’s right for you
About EY
As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we’ll make our ambition to be the best employer by 2020 a reality.
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.
