Descripción del puesto:
The world is changing faster and faster than ever. Our Global Promise: "Building a Better
Working World" leads our more than 260,000 employees around the globe and provides the
foundation for the work we do every day. With our innovative services in auditing, tax consulting,
Transaction and management consulting, we lead our clients into the future.
Our Financial Services organization is the only major Big4 Company with functional and
transnational specialization in the financial services sector.
In our advisory services you are active in management and management consulting. We provide
seamless, consistent and high-quality services to our customers around the world.
About the job
Cyber threats, social media, massive data storage, privacy requirements and continuity of the
business as usual require heavy information security measures. As a cybersecurity specialist,
you will guide our clients to strengthen their cyber defenses. At EY, you will belong to an
international connected team of specialists helping our clients with their most complex
information security needs and contributing toward their business resilience. In simple terms,
you know how to use your deep technical experience and apply that to a business where we
need to battle risk and agility.
We will support you with career-long training and coaching to develop your skills. As EY is a
global leading service provider in this space, you will be working with the best of the best in a
collaborative environment. So, whenever you join, however long you stay, the exceptional EY
experience lasts a lifetime
Requerimientos del candidato/a:
You have very good interpersonal skills so that you can manage to interact directly with clients
and understand their needs. Furthermore, you will have good presentation skills as this will be a
key part of your daily activities. Finally, you will need good analytical skills to get the most out of
each project and client.
Joining us you will be able to find a very friendly yet challenging work environment. You will also
have the possibility to learn from some experts in the field to move forward on your career at the
pace you want to set. Based on this training and development of your skills, you will be able to
continuously keep progressing in your career assuming more responsibilities. You will own the
path of your own career.
To qualify for the role, you must have:
A Bachelor (or equivalent certification) in Computer Science, Information Management
Information Security or other comparable technical degree from an accredited college/university
Worked in the industry for at least 5 years and performed risk assessment, cyber control
reviews, compliance audits, and obtained an understanding of penetration testing, Security
Operations, SIEM or other security areas.
A fluency in Spanish and English, or any other language would be an advantage.
As part of the EY cyber security consulting team, you must be able to:
Demonstrate leadership and adaptability, with willingness to readily and voluntarily take
ownership of highly challenging tasks and problems, even beyond initial scope of responsibility.
Conduct various Red Team activities such as: Intelligence Gathering, Network/Operating
System/Application Penetration Testing, Web Application Penetration Testing, Mobile
Application Testing, Social Engineering and Physical Security Testing would be an advantage as
Participate in developing security roadmap, adopt security best practices, and implement new
ideas and innovations according to the industry trends.
Perform security risk assessment, threat analysis and threat modelling, independent reviews of
clients' security, network, and applications, to be able to Plan/Design/Execute security related
activities and create artefacts.
Develop clear detailed reports and recommendations based on concrete evidence, to debrief
users and provide remediation strategy on findings.
Stay on-time, on-budget, and within scope of testing activities.
Understand and assimilate different points of view and needs of the clients.
Advise IT on current and emerging threats, their attack vectors, and how to mitigate them.
Ideally, you'll also have:
Experience in assessing an implementing security and risk standards using ISO 27k, PCI DSS,
NIST, ITIL, COBIT, CCM.
Systems security skills in assessment, design, architecture, management and reporting.
Experience in application control and security implementation, program and project delivery
design, architecture and solution design, including security controls and architecture design.
Security-related certifications (CISSP, CISA, CEH, CRISK, ISSAP, GSLC, OSCP, OSCE,
GPEN, or GXPN, etc.)