Ernst & Young (EY)

Advisory - Risk - Cyber Security - Senior/Staff Associate

Ernst & Young (EY)
Full Time
Intermediate (3-6 years)

Job Description

Advisory - Risk - Cyber Security - Senior/Staff Associate

Location: CN-Hong Kong-Hong Kong

Cyber threats, social media, massive data storage, privacy requirements and continuity of the business as usual require heavy information security measures. As a cyber security specialist, you will lead the implementation of security solutions for our clients and support the clients in their desire to protect the business. You will belong to an international connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience. You will be working with our Advanced Security Centers to access the most sophisticated tools available to fight against cybercrime.
We will support you with career-long training and coaching to develop your skills. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.


Job Summary
As a Senior Consultant in the Cyber Security Team, you will contribute technically to client engagements and services development activities. An important part of your role will be to actively establish, maintain and strengthen client’s relationships. You will also identify potential business opportunities for EY within existing engagements, and escalate these as appropriate. Similarly, you will anticipate and identify risks within engagements and share any issues with senior members of the team.
In line with EY commitment to quality, you will confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you will help to create a positive learning culture, coach and counsel junior team members and help them to develop.
Client responsibilities
  • Participate in Cyber Security and Data Privacy engagements
  • Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress
  • Help prepare reports and schedules that will be delivered to clients and other parties
  • Develop and maintain productive working relationships with client personnel
  • Build strong internal relationships within EY Advisory Services and with other service lines across the organization

 People responsibilities

  • Conduct performance reviews and contribute to performance feedback for staff
  • Contribute to people-related initiatives including team building, identification of training needs, career development planning, etc.
  • Understand and follow workplace policies and procedures

To qualify, you must meet the following requirements:


Technical skills requirements

  • Enterprise risk services with a specific focus on IT, and related industry standards
  • Common IT governance and control industry frameworks, including CObIT, RiskIT, ValIT, IT
  • IT industry frameworks such as ITIL and CMM
  • IT assurance and compliance
  • A broad appreciation of business processes, data structures, IT applications and infrastructure, IT processes, and governance and internal control principles
  • Infrastructure Information systems security assessment, design, architecture, implementation, management and reporting
    • Strong technical or security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems
    • Experience with programming languages such as Java, C, C++, C#, asp, and .NET
    • Familiarity with security and risk standards such as ISO 2701-2, PCI DSS, NIST, ITIL, COBIT
    • Experience of security testing methods and techniques including network, operating and application system configuration review and internal/external penetration testing
    • Experience of manual attack and penetration testing above and beyond the running of automated tools
    • Experience in developing custom scripts or programs (used for port scanning and vulnerability identification)
  • Applications
    • An understanding of web based application vulnerabilities and experience in application security review and testing
    • An understanding of mobile application vulnerabilities and experience in mobile application security review and testing
    • Familiarity with security standards reference such as OWASP, SANS, NIST
    • Understanding of secure development practice and framework
  • Bachelor's Degree in Computer Science, Information Technology or related disciplines
  • A minimum of 3 years relevant experience in Information Technology with at least 2 years demonstrable experience in penetration testing to system infrastructure, web or mobile application systems is a must
  • Sound knowledge and experience in using different hacking tools to perform foot printing, enumeration and exploitation of system infrastructure, web and mobile applications.
  • Knowledge and experience in web or mobile application programming and security code review is desirable
  • Experience in IBM Rational AppScan, Acunetix and Jtest is desirable. Related qualifications and/or industry certifications such as CEH (Certified Ethical Hacker), MCSE, RHCE/LPI, CCNA/CCIE and OCA/OCP are an advantage. Able to work independently and under pressure
  • Good command of written and spoken English
  • Candidates with less experience will be considered as Staff Associate

Professional Qualifications

  • Cisco Certified Network Associate (CCNA)
  • Microsoft Certified Systems Engineer (MCSE)
  • Cisco Certified Internetwork Expert (CCIE)
  • Certified Ethical Hacker (CEH)
  • ITIL Practitioner Level
  • Red Hat Certified Engineer (RHCE)

Technical Skills

  • .NET
  • ASP
  • C (Programming Language)
  • C#
  • C++
  • Compliance
  • Information Technology Infrastructure Library (ITIL)
  • Internal Control
  • ISO
  • IT Governance
  • IT Security
  • Java
  • Linux
  • Training
  • UNIX