CSD Cyber Security Senior Manager
  • United Kingdom Newcastle upon Tyne
  • EY
31.12.2023
Oversee and Govern
Cybersecurity Management
Job Description

Cyber Security Senior Manager


Market-leading growth in our Consulting Service Delivery team has created opportunities for new people to join the team, working in our Newcastle Service Delivery Centre. Cyber security issues are currently a key concern in the business world, with technical advances arising every day. This is a great opportunity to play a key role in helping financial services (FS) clients to improve their cyber security operations and give them the assurance they need to operate their business successfully and safely.


The Opportunity


The Consulting Service Delivery team is one of EY’s fastest growth areas and we are based in a modern office in Newcastle city centre. We have an excellent opportunity for a Senior Manager to join our Cyber team, based out of our Newcastle office. In this role you will be providing technical advice on Cyber related topics and insights on latest market trends to our FS clients. You would be playing a key role in helping clients to improve their cyber security operations. Continuing expansion means we are looking for people who will thrive in a fast-paced environment, and enjoy working as part of different teams.


Your Key Responsibilities


You will support our clients across a range of Cyber issues and challenges and enable our clients to better manage the broad range of risks in their increasingly complex IT ecosystems. In addition, you will play a key role in supporting the development of new business opportunities.


As a Senior Manager, you will be responsible for supporting and advising our clients on this important issue and managing client engagement teams with diverse skills and backgrounds by fostering an innovative and inclusive team-orientated work environment. You will actively improve operational efficiency on projects and internal initiatives, in line with EY’s commitment to quality.


You can expect leading-class learning and development tailored to your unique interests and motivations. You’ll be given all the skills, knowledge and opportunities to progress and become ready to build a better working world for our people, our clients and the communities that support us.


Client Responsibilities:


Lead and deliver client engagements
Mobilisation of project teams and design of the processes to be followed
Support engagement management activities such as finance tracking, billing, resource management
Develop and maintain productive working relationships with client personnel, whilst building strong internal relationships within Consulting and across other services
Support client business development activities, including proposal writing and presentations to potential clients
Support senior members of the team in go-to-market activities across the UK
Preparing reports and outputs that will be delivered to clients and other parties


People Responsibilities:


Develop people through effectively supervising, coaching, and mentoring staff
Conduct performance reviews and contribute to performance feedback for staff
Contribute to people initiatives including recruiting, retaining and training professionals
Maintain an educational program to continually develop personal skills
Understand and follow workplace policies and procedures


To qualify for the role you must have


You will be able to demonstrate project experience and client knowledge gained from professional practice across a number of the following areas of Cyber:


Pragmatic approach to identifying and explaining cyber risks within complex transformation initiatives
Strong experience in a couple of these Cyber security domains: Risk Management, IAM, Controls, Resilience, and Cloud.
Experience in working within agile development environments to embed security successfully into systems prior to product / production release
Strong influencing and communications skills at all levels
Strong ability to bring new ideas and innovation to deliverables
Ability to understand and incorporate multiple points of view and perspectives into a successful approach
Excellent oral, presentation and facilitation skills
Very strong project and change management skills, with high levels of commercial insight and acumen.
Ability to prioritize and re-prioritize workloads quickly, managing expectations and delivering exceptional client service.


Ideally, you’ll also have


Experience advising Financial Services organisations on what good cyber security looks like, based on the cyber security threats and risks they face
Awareness of National and International security standards
Project management experience – Agile / Prince2 / PMI / MSP
Team Leadership / Management experience
Security certifications such as CISSP, CISA or CISM


What We Look For


You’ll be a trusted business advisor to our clients, specialising within the Cyber Security field, so they’ll look to you to find, ask and answer the questions nobody else has asked yet and then develop and execute an effective service. If you’re ready to take on a wide range of responsibilities, and are committed to seeking out new ways to make a difference, this role is for you.


What Working At EY Offers


We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:


Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
Visit our careers microsite for more information


If you can demonstrate that you meet the criteria above, please contact us as soon as possible.


The Exceptional EY Experience. It’s Yours To Build.


Apply now.



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0008   Knowledge of applicable business processes and operations of customer organizations.
  • K0033   Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0121   Knowledge of information security program management and project management principles and techniques.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0149   Knowledge of organization's risk tolerance and/or risk management approach.
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0180   Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Required Skills
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0086   Skill in evaluating the trustworthiness of the supplier and/or product.
  • S0059   Skill in using Virtual Private Network (VPN) devices and encryption.
  • S0138   Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).

Required Abilities
  • A0161  Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).
  • A0165  Ability to manage Communications Security (COMSEC) material accounting, control and use procedure.