The world is changing faster andfaster than ever. Our Global Promise : "Building a Better
WorkingWorld" leads our more than 260,000 employees around the globe and providesthe
foundation for the work we do every day. With our innovative services inauditing, tax consulting,
Transaction and management consulting, we lead ourclients into the future.
Our Financial Services organizationis the only major Big4 Company with functional and
transnational specializationin the financial services sector.
In our advisory services you are active inmanagement and management consulting. We provide
seamless, consistent andhigh-quality services to our customers around the world.
About the job
Cyber threats, social media, massivedata storage, privacy requirements and continuity of the
business as usualrequire heavy information security measures. As a cybersecurity specialist,
youwill guide our clients to strengthen their cyber defenses. At EY, you willbelong to an
international connected team of specialists helping our clientswith their most complex
information security needs and contributing towardtheir business resilience. In simple terms,
you know how to use your deeptechnical experience and apply that to a business where we
need to battle riskand agility.
We will support you with career-longtraining and coaching to develop your skills. As EY is a
global leading serviceprovider in this space, you will be working with the best of the best in a
collaborative environment. So, whenever you join, however long you stay, theexceptional EY
experience lasts a lifetime.
About you :
You have very good interpersonal skills so that you can manage to interact directly with clients
and understand their needs. Furthermore, you will have good presentation skills as this will be a
key part of your daily activities. Finally, you will need good analytical skills to get the most out of
each project and client.
Joining us you will be able to find a very friendly yet challenging work environment. You will also
have the possibility to learn from some experts in the field to move forward on your career at the
pace you want to set. Based on this training and development of your skills, you will be able to
continuously keep progressing in your career assuming more responsibilities. You will own the
path of your own career.
To qualify for the role, you must have :
A Bachelor (or equivalent certification) in Computer Science, Information Management
Information Security or other comparable technical degree from an accredited college / university
Worked in the industry for at least 5 years and performed risk assessment, cyber control
reviews, compliance audits, and obtained an understanding of penetration testing, Security
Operations, SIEM or other security areas.
A fluency in Spanish and English, or any other language would be an advantage.
As part of the EY cyber security consulting team, you must be able to :
Demonstrate leadership and adaptability, with willingness to readily and voluntarily take
ownership of highly challenging tasks and problems, even beyond initial scope of responsibility.
Conduct various Red Team activities such as : Intelligence Gathering, Network / Operating
System / Application Penetration Testing, Web Application Penetration Testing, Mobile
Application Testing, Social Engineering and Physical Security Testing would be an advantage as
Participate in developing security roadmap, adopt security best practices, and implement new
ideas and innovations according to the industry trends.
Perform security risk assessment, threat analysis and threat modelling, independent reviews of
clients’ security, network, and applications, to be able to Plan / Design / Execute security related
activities and create artefacts.
Develop clear detailed reports and recommendations based on concrete evidence, to debrief
users and provide remediation strategy on findings.
Stay on-time, on-budget, and within scope of testing activities.
Understand and assimilate different points of view and needs of the clients.
Advise IT on current and emerging threats, their attack vectors, and how to mitigate them.
Ideally, you’ll also have :
Experience in assessing an implementing security and risk standards using ISO 27k, PCI DSS,
NIST, ITIL, COBIT, CCM.
Systems security skills in assessment, design, architecture, management and reporting.
Experience in application control and security implementation, program and project delivery
design, architecture and solution design, including security controls and architecture design.
Security-related certifications (CISSP, CISA, CEH, CRISK, ISSAP, GSLC, OSCP, OSCE,
GPEN, or GXPN, etc.).