Senior Cyber Governance Risk and Compliance Consultant - Financial Services

at  EY

EY is the only major professional services firm with a dedicated financial services practice (EY FSO) integrated in the EMEIA region. An international team of over 16.000 professionals is working across borders for our clients in the financial sector: Banking, Insurance, Payment Institutions and Wealth & Asset Management, in all service lines: Consulting, Tax, Transactions and Assurance. As we consider our people as the heart of EY, we hire and develop the most passionate people in their field to build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. So that, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

THE OPPORTUNITY

For our cybersecurity team, we are looking for Governance, Risk and Compliance consultants. The projects and roles we take on are diverse and not two of them are the same, so we are looking for professionals that can combine relevant experience with the right mindset.
Our clients, typically the Chief Information Security Officer, are looking for advice and support for their security transformations. As GRC consultants, we often perform independent assessments on their cybersecurity capability and/or support them in the definition and execution of their security roadmap.

SKILLS AND ATTRIBUTES FOR SUCCESS

• Master’s degree in a relevant field (e.g. computer science, mathematics, civil engineer, applied informatics or others) or equivalent through experience.
• Professional experience (between 2 – 5 years), either in consulting or in the financial sector
• An understanding on the current challenges a CISO faces, and how to transform information security from an IT concern to a business enabler
• A good understanding on how risk-based decision taking takes place in a business environment, and how to select the appropriate response to information security risks
• Familiarity with industry standards and best practices including the ISO 27000 series
• Proven client stakeholder management and communication skills
• Strong team spirit, balanced by a healthy sense of autonomy
• Relevant certifications such as CISSP / CISM are considered a plus for more experienced candidates

You will serve local and international financial services clients, and will be involved in different types of projects:

• Perform information security maturity assessments (based on the EY maturity model or against industry frameworks) and support the creation of security roadmaps based on the outcome
• Execute information security risk assessments and business impact assessments (BIA)
• Definition and implementation of an Information Security Management System (ISMS)
• Identification, analysis and implementation of information security processes and controls (e.g. access management, incident management, business continuity)
• Measurement and reporting on the information security posture of an organization, based on the risk appetite, key threats, adequacy of controls
• Support the CISO in both the operational security responsibilities and in the transformation journeys, by providing advice and support