Technology Risk Senior Consultant
  • Ukraine Kyiv
  • EY
1 year before
31.01.2024
Securely Provision
Risk Management
Job Description

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.


At EY we have ambitious plans to expand our already market-leading Technology Risk practice. With investment secured, we continue to build our Kyiv-based practice. We need excellent people, across all grades, to join us and to be part of our exciting growth strategy. Interested and have what it takes to develop into a market-leading expert in a fast-evolving and exciting growth area?


The opportunity


As a Technology Risk Senior, you'll contribute technically to client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You'll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you'll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY's commitment to quality, you'll confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you'll help to create a positive learning culture, coach and counsel junior team members and help them to develop.


Your Key Responsibilities


Participate in Technology Risk engagements (IT Audit, Information Security, Business Continuity, Risk Management);
Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress;
Help prepare reports and schedules that will be delivered to clients and other parties;
Develop and maintain productive working relationships with client personnel;
Build strong internal relationships within EY Consulting Services and with other services across the organization.


Skills And Attributes For Success


Experience in information/cyber security or IT audit is essential for this role. A Big 4 background or comparable consulting experience is preferable.


To qualify for the role, you must have


At least 3 years of related work experience;
At least upper-intermediate level of English;
Experience working as an IT/Information security auditor or IT/Information security risk adviser for a professional services firm, or within industry;
Knowledge of information security management processes;
Knowledge of IT management and Information Security standards (COBIT, ITIL, BS, ISO).


Ideally, you’ll also have


Demonstrated track record with a consulting organization;
International related certification.


What We Look For


High level of motivation and desire to develop a career in professional services.
Readiness for long business trips (including international) on demand.
Ability to multitask and meet tight deadlines; readiness for overtime.


What We Offer


Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.


If you can demonstrate that you meet the criteria above, please contact us as soon as possible.



Required Knowledge
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0037   Knowledge of Security Assessment and Authorization process.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).
  • K0066   Knowledge of Privacy Impact Assessments.
  • K0154   Knowledge of supply chain risk management standards, processes, and practices.
  • K0263   Knowledge of information technology (IT) risk management policies, requirements, and procedures.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0200   Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • K0214   Knowledge of the Risk Management Framework Assessment Methodology.
  • K0264   Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).
  • K0297   Knowledge of countermeasure design for identified security risks.

Required Skills
  • S0141   Skill in assessing security systems designs.
  • S0147   Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • S0171   Skill in performing impact/risk assessments.

Required Abilities
  • A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • A0015  Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • A0023  Ability to design valid and reliable assessments.
  • A0092  Ability to identify/describe target vulnerability.