Advisory - Risk - Information Security - Consultant

Job description

Advisory Risk – IT Security - Consultant
 
Excellent career opportunity with Ernst & Young:
Ernst & Youngis one of the leading global professional services organizations with 167,000 staff around the world.  We are proud of our people culture which we believe sets us apart in the profession.  Ernst & Young helps you achieve your best by providing great learning and career growth opportunities, by offering ways to help you achieve satisfaction in work and life, and by looking at each decision with a keen eye toward how it will affect you.
 
Job summary:
Cyber Security's engagements focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks.  Engagements may be either assurance (attestation) and/or risk advisory in nature, and vary considerably in size and complexity.  All of our TSRS services, whether assurance or advisory in nature, are designed for the dual purpose of strengthening internal controls and helping our clients improve IT and business performance.  In addition to assurance-related engagements such as financial attestation and SAS 70 engagements, our IT risk advisory services also focus on IT governance and effectiveness, IT program management and assurance, security and controls of ERP implementations, and business intelligence and information analysis.

Responsibilities:

·  Collaborate with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments, and other planning documents.  Work with the engagement team to document the business processes dependent on information technology.  Serve as a fieldwork leader by directing the daily progress of fieldwork, informing supervisors of engagement status, and managing staff performance;
·  Demonstrate and apply a thorough understanding of complex information systems.  Use knowledge of the current IT environment and industry IT trends to identify the engagement and client service issues, and communicate this information to the engagement team and client management through written correspondence and verbal presentations;
·  Demonstrate and apply strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology and tools to enhance the effectiveness of deliverables and services;
·  Demonstrate expert ability to identify and analyze business and user requirements, develop, present and demonstrate professional solutions to prospective customers based on detailed customer requirements;
·  Prepare and conduct proposal presentations, demonstrations and participate in marketing and promotional activities (workshop, seminar, training and speech etc.);
·  Perform planned and ad-hoc security reviews to ensure compliance with existing policies;
·  Lead team to provide information security advisory services on risks and security best practice.
Requirements:
·  University graduates in Information Systems / Computer Science and Accounting
·  A minimum of 2~3 years of relevant experience with reputable international accounting firms; or experience in IT operations, holding ITIL and/or ISO20000 certificate; or experience in initiating, maintaining and monitoring information security policies, processes and procedures in enterprise according to ISO 17799/27701 and conducting information securiry risk assessment and treatment programs.
·  Strong interpersonal and organizational skills
·  Able to interact effectively with both management and clients
·  IT audit experience with major CPA firms is a plus
·  IT audit experience on general controls review, application controls review and data analysis using audit commands language
Ability to review ERP systems (e.g. SAP and Oracle Financials) is an advantage
·  IT 咨询： IT 规划（网络，基础架构，数据和应用规划）， IT 流程管理 （IT管理体系， ITIL）
·  IT风险： IT风险管理， 信息安全 （安全规划，安全技术， 数据安全， 应用和网络安全，云安全等）

安全测试类
·  Application security
·  Penetration test
·  Vulnerability scan
·  CEH
·  CISSP

安全产品类
·  Sales Engineer（售前）
·  Data loss prevention (DLP)
·  IAM
·  SIEM
·  Security operation center (SOC)
·  Incident response

HR Number:85241

Advisory Risk – IT Security - Consultant
 
Excellent career opportunity with Ernst & Young:
Ernst & Youngis one of the leading global professional services organizations with 167,000 staff around the world.  We are proud of our people culture which we believe sets us apart in the profession.  Ernst & Young helps you achieve your best by providing great learning and career growth opportunities, by offering ways to help you achieve satisfaction in work and life, and by looking at each decision with a keen eye toward how it will affect you.
 
Job summary:
Cyber Security's engagements focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks.  Engagements may be either assurance (attestation) and/or risk advisory in nature, and vary considerably in size and complexity.  All of our TSRS services, whether assurance or advisory in nature, are designed for the dual purpose of strengthening internal controls and helping our clients improve IT and business performance.  In addition to assurance-related engagements such as financial attestation and SAS 70 engagements, our IT risk advisory services also focus on IT governance and effectiveness, IT program management and assurance, security and controls of ERP implementations, and business intelligence and information analysis.

Responsibilities:

·  Collaborate with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments, and other planning documents.  Work with the engagement team to document the business processes dependent on information technology.  Serve as a fieldwork leader by directing the daily progress of fieldwork, informing supervisors of engagement status, and managing staff performance;
·  Demonstrate and apply a thorough understanding of complex information systems.  Use knowledge of the current IT environment and industry IT trends to identify the engagement and client service issues, and communicate this information to the engagement team and client management through written correspondence and verbal presentations;
·  Demonstrate and apply strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology and tools to enhance the effectiveness of deliverables and services;
·  Demonstrate expert ability to identify and analyze business and user requirements, develop, present and demonstrate professional solutions to prospective customers based on detailed customer requirements;
·  Prepare and conduct proposal presentations, demonstrations and participate in marketing and promotional activities (workshop, seminar, training and speech etc.);
·  Perform planned and ad-hoc security reviews to ensure compliance with existing policies;
·  Lead team to provide information security advisory services on risks and security best practice.
Requirements:
·  University graduates in Information Systems / Computer Science and Accounting
·  A minimum of 2~3 years of relevant experience with reputable international accounting firms; or experience in IT operations, holding ITIL and/or ISO20000 certificate; or experience in initiating, maintaining and monitoring information security policies, processes and procedures in enterprise according to ISO 17799/27701 and conducting information securiry risk assessment and treatment programs.
·  Strong interpersonal and organizational skills
·  Able to interact effectively with both management and clients
·  IT audit experience with major CPA firms is a plus
·  IT audit experience on general controls review, application controls review and data analysis using audit commands language
Ability to review ERP systems (e.g. SAP and Oracle Financials) is an advantage
·  IT 咨询： IT 规划（网络，基础架构，数据和应用规划）， IT 流程管理 （IT管理体系， ITIL）
·  IT风险： IT风险管理， 信息安全 （安全规划，安全技术， 数据安全， 应用和网络安全，云安全等）

安全测试类
·  Application security
·  Penetration test
·  Vulnerability scan
·  CEH
·  CISSP

安全产品类
·  Sales Engineer（售前）
·  Data loss prevention (DLP)
·  IAM
·  SIEM
·  Security operation center (SOC)
·  Incident response

HR Number:85241