EY
Associate Director – Vulnerability assessment and penetration testing
Job Summary
As an Associate Director with EY’s Global Delivery Services (GDS) Cybersecurity Team, you will contribute technically to client engagement and services development activities. You will be focused on helping clients grow and turn their cybersecurity strategy into reality. You’ll work in high-performing teams that drive growth and deliver exceptional client service, making certain you play your part in building a better working world.
You will be responsible for overall client service quality delivery in accordance with EY’s quality guidelines & methodologies. You will need to manage accounts and relationships on a day-to-day basis and explore new business opportunities for EY. You will establish, strengthen and nurture relationships with clients (functional heads & key influencers) and internally across service lines. You will assist in developing new methodologies and internal initiatives and help in creating a positive learning culture by coaching, counselling and developing junior team members.
Client responsibilities:
Taking into account your experience and maturity, your involvement will vary from assisting in delivering these projects to acting as a subject matter expert or leading a team towards an excellent client experience. Furthermore, you may be involved in proactively identifying and pursuing opportunities for further business and team growth.
You will be involved in the following activities during project delivery:
- Understanding client’s risk exposure and developing appropriate information and cybersecurity strategies.
- Assessing the maturity of clients’ current cybersecurity program and identifying areas for improvement.
- Technical leadership and knowledge of cybersecurity concepts and methods including, but not limited to, attack and penetration testing, vulnerability management, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture.
- In-depth knowledge and proven experience in web applications, secure programming, code review, web exploit, OWASP, database architecture and vulnerability assessment.
- Providing guidance and sharing knowledge with team members and participating in performing threat and vulnerability procedures focusing on complex, judgmental and/or specialized issues related to threat, vulnerability and penetration testing (e.g. MITRE, CBEST, TIBER).
- Building a prioritized roadmap for project investments and organizational change initiatives and validating that the client’s security investments have improved its security posture.
- Defining and implementing cybersecurity related frameworks, supported by policies, standards and procedures, in line with internal and/or external (compliance) requirements.
- Supporting the client’s team by acting as an interim team member (e.g. CISO, cybersecurity officer, cybersecurity manager).
- Monitoring progress, managing risk and ensuring key stakeholders are kept informed about progress and expected outcomes. Staying abreast of current business and industry trends relevant to our clients.
- Using knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicating this information to the engagement team and client management.
- Demonstrating and applying a thorough understanding of complex information systems.
- Establishing relationships with client personnel at appropriate levels.
- Helping identify and develop business opportunities and delivering quality client services.
Key responsibilities:
- Provide industry insights (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) that energize growth
- Demonstrate deep understanding of the client’s industry and marketplace
- Lead consulting engagements that solve complex Cyber security issues
- Help mentor, coach and counsel their team members and help us build an inclusive culture and high-performing teams
- Maximize operational efficiency through standardization and process automation on client engagements and internal initiatives
- Monitor delivery progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes
- Successfully manage engagement time and budgets
- Convey complex technical security concepts to technical and non-technical audiences including executives.
- Provide strategic and relevant insight, connectedness and responsiveness to all clients to anticipate their needs
- Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team.
- Identify and drive development of market differentiators including new products, solutions, automation etc.
- Define, develop and implement strategic go-to-market plans in collaboration with local EY member firms in Americas, EMEIA and APAC.
- Drive new business opportunities by developing ideas, proposals and solutions
- Strongly represent EY and its service lines and actively assess what the firm can deliver to serve clients. Assist Consulting Partners & Senior Managers in driving the business development process on existing client engagements by gathering appropriate resources, gaining access to key contacts & supervising proposal preparation
- Develop long-term relationships with networks both internally and externally
- Enhance the EY brand through strong external relationships across a network of existing and future clients and alliance partners
- Drive the quality culture agenda within the team
- Manage and contribute to performance management for direct reports and team members, as per the organization's policies
- Examine and act on people-related issues both strategically and analytically
- Participate in EY-wide people initiatives including recruiting, retaining and training Cybersecurity professionals
- Use technology to continually learn, share knowledge and enhance client service delivery
- Support the EY inclusiveness culture
To qualify, candidates must have:
- At least 15 years of industry experience, having served as Manager for a minimum of 10 years or as Senior Manager for 5 years, with recent relevant work experience in an information security or information technology discipline, preferably in a business consulting role with a leading technology consultancy organization
- Strong technical experience in, but not limited to, attack and penetration testing, vulnerability management, cloud, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture.
- Any two of the following technical certifications: CISSP, CISM, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN.
- Graduate degree (BE / BTech / MSc / MTech / MBA) in the fields of Computer Science, Information Systems, Engineering, Business or a related major
- Project management experience in any one of the following: PRINCE2 / PMP / MSP
- You have an analytical mindset, strive for quality and are able to work in a result-oriented environment.
- Proven experience in conducting vulnerability and penetration testing as well as conducting threat profiles is advantageous.
- Fluency in English; other language skills are considered an asset
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.