Ernst & Young LLP Alpharetta, GA 30023
Join our Core Business Services (CBS) team and you will help support the important business enablement functions that keep our organization running strong. As a CBS professional, you will work across teams to provide the knowledge, resources and tools that help EY deliver exceptional quality service to our clients, win in the marketplace and support EY's growth and profitability. Major teams within CBS include Finance, Information Technology, Human Resources, Enterprise Support Services, Brand Marketing and Communications, Business Development, Knowledge and Risk Management.
With so many offerings, you have the opportunity to develop your career through a broad scope of engagements, mentoring and formal learning. That's how we develop outstanding leaders who team to deliver on our promises to all of our stakeholders, and in so doing, play a critical role in building a better working world for our people, for our clients and for our communities. Sound interesting? Well, this is just the beginning. Because whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
As an Information Security Consultant, the individual will provide security guidance to internal IT project teams responsible for delivering business solutions, with a focus on Office 365. The Information Security Consultant will identify and prioritize security-related requirements, promote secure-by-default designs and ensure information systems and infrastructure will be secured throughout the system development life cycle (SDLC).
The Information Security Consultant will also be expected to perform risk assessments of information systems and infrastructure, develop appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to IT project teams and management. The successful candidate must have a solid background in security devices and controls used in the infrastructure. The Information Security Specialist will be expected to work on multiple projects and tasks concurrently.
Knowledge, Skills, and Experience Requirements
A minimum of 8-10 years of experience in an Information Security or Information Technology discipline
A good understanding of hosting critical workloads in cloud platforms, including Amazon AWS, Microsoft Azure, Office 365.
Specific experience in Exchange Online, Exchange On-Prem and other O365 services / deployments and the challenges with security.
Experience in defining security for PaaS and IaaS implementations, such as system configuration, policy, tenant policy restrictions, access control, authentication (including federation), data at rest, and data in transit security.
A thorough understanding of the OWASP Top 10 vulnerabilities, risk and impact such as Injection, Broken Authentication and Session Management, XSS, CSRF, Security misconfiguration and others.
Knowledgeable with Vulnerability scanning and Penetration testing methodology
Working experience in performing security assessments of applications.
Experience defining security control requirements related to IT infrastructure and multi-tier information systems.
Develop appropriate risk treatment and mitigation options to address security risks identified during security review or assessments
Knowledge of common information security standards and risk methodologies, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT
Ability to document business and technical requirements, reports, Minimum Security Baselines and presentations.
Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders
Ability to team well with others to facilitate and enhance the understanding & compliance to security policies
Excellent interpersonal, communication, organizational, and project management skills
Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
Qualifications, Certifications, and Education Requirements
Bachelor's degree in Computer Science or a related discipline, or equivalent work experience
Candidates are preferred to hold or be actively pursuing related security professional certifications such as CISSP, CISM or CISA