Risk Advisor, (Cyber Security) (Cyber Threat Management - Vulnerability ID) (Manager) (Multiple Positions), Ernst & Young U.S. LLP, Houston, TXProvide advisory services on technology risk and security to help clients protect themselves against cyber attacks. Define technical and business requirements for Threat and Vulnerability management solutions and business process and policies related to controlling access to systems and applications. Develop cyber threat and vulnerability management strategies relating to application penetration testing and application source code review. Peform vulnerability and attack and penetration assessments in Internet, Intranet, and Wireless environments. Enable enterprise clients to make better security and risk decisions, and reduce the cost of managing overall security risk. Work with clients to deliver sustainable, measurable results in transforming information security programs, identifying and responding to cyber threats, managing identity and access effectively and efficiently, and/or mitigating the risk of information loss and addressing privacy regulations. Help enterprises build cyber security models to protect company data against cyber threats. Confer with clients to discuss issues such as computer data access needs, security violations, and programming changes.
Manage and motivate teams with diverse skills and backgrounds. Consistently deliver quality client services by monitoring progress. Demonstrate in-depth technical capabilities and professional knowledge. Maintain long-term client relationships and networks. Cultivate business development opportunities.
Full time employment, Monday – Friday, 40 hours per week, 8:30 am – 5:30 pm.
Must have a Bachelor's degree in Management Information Systems (MIS), Computer Science, Engineering, Business, Accounting, Finance or a related field and 5 years of progressive, post-baccalaureate advisory and/or systems integration work experience. Alternatively, will accept a Master's degree in Management Information Systems (MIS), Computer Science, Engineering, Business, Accounting, Finance or a related field and 4 years of advisory and/or systems integration work experience.
Must have 4 years of experience working in Security, IT Management and/or Enterprise Resource Planning (ERP).
Must have 4 years of experience in Network Attack and Penetration testing; Security Testing of Web-based applications; and/or Application Security Code Assessments.
Must have 4 years of experience in the following:
- UNIX, NT, Networking and Wireless Security, and/or TCP/IP Networking.
- Java, C, C++, CH, ASP.NET, and/or .NET programming languages.
- Manual Attack and Penetration Testing without use of automated tools.
- Application development, including custom scripts or programs used for port scanning and vulnerability identification (including Python, PowerShell, Java, and/or Perl).
- Working with web-based application vulnerabilities.
Must have 2 years of experience leading teams of Cyber Security advisory/consulting professionals.
Must be eligible to obtain a professional certification such as CIPP, CIPT, CISA, CISM, CISSP, CRISC, PMP or other related certification within one year of hire.
Requires travel up to 80%, of which 20% may be international, to serve client needs.
Employer will accept any suitable combination of education, training or experience.
Please apply on-line at ey.com/us/jobsearch (Job Number – HOU0036V).
EY, an equal employment opportunity employer (Females/Minorities/Protected Veterans/Disabled), values the diversity of our workforce and the knowledge of our people.
This particular position at Ernst & Young in the United States requires the qualified candidate to be a "United States worker" as defined by the U.S. Department of Labor regulations at 20 CFR 656.3. You can review this definition at https://www.gpo.gov/fdsys/pkg/CFR-2011-title20-vol3/pdf/CFR-2011-title20-vol3-sec656-3.pdf at the bottom of page 750. Please feel free to apply to other positions that do not require you to be a "U.S. worker".