Security Vulnerabilities & Compliance Specialist
Ernst & Young Global Limited
hace 6 horas

Security Vulnerabilities & Compliance Specialist

EY Technology :

Technology has always been at the heart of what we do and deliver at EY.We need technology to keep an organization the size of ours workingefficiently.

We have 250,000 people in more than 140 countries, all of whomrely on secure technology to be able to do their job every single day.

Everything from the laptops we use, to theability to work remotely on our mobile devices and connecting our people andour clients, to enabling hundreds of internal tools and external solutionsdelivered to our clients.

Technologysolutions are integrated in the client services we deliver and is key to usbeing more innovative as an organization.

EY Technology supports our technology needs through three businessunits :

ClientTechnology (CT) - focuses on developing new technology services for ourclients. It enables EY to identifynew technology-

based opportunities faster, and pursue those opportunities morerapidly.

Enterprise WorkplaceTechnology (EWT) EWT supports our Core Business Servicesfunctions and will deliver fit-for-purpose technology infrastructure at thecheapest possible cost for quality services.

EWT will also support our internaltechnology needs by focusing on a better user experience.

Information Security (Info Sec) - Info Sec prevents, detects, responds andmitigates cyber-risk, protecting EY and client data, and our informationmanagement systems.

The opportunity

Under limitedsupervision, the Analyst is responsible for maintaining and supporting ourglobal services by conducting compliance reporting analysis in accordance withInformation Security and Security Operations Services policies for the firm’s network.

Using the scanning results from the Qualys Guard platform, a proven industryleader in vulnerability scanning, the analyst will evaluate and rank accordingto a Qualys defined severity level (i.

e. monthly Zone 1 internal scananalysis and Zone 2 external scan analysis). In addition, the GVM analystprovides vulnerability management, situational awareness and network discoveryanalytics to EY organizations promoting proactive countermeasures and controlsagainst possible exposure in accordance with the EY Global Information SecurityPolicy (i.

e. patches, policy configurations, and weaknesses in deployedapplications and infrastructure). Furthermore, continue to grow the service byassessing current processes and procedures to ensure they make sense and towork with stakeholders to provide improved automation processes where we canadd value and assist in remediation efforts of discovered vulnerabilities.

Additionally,the senior analyst will provide vulnerability management coordination supportfor any 3rd party reputational websites, 3rd party auditsand any Information Security projects that impact the Vulnerability remediationteam or software applications managed by the Vulnerability Remediation team.

This position provides direct, day-to-day compliance support to key business units, and at times, general support for centralized initiatives.

A significant portion of the workflow will consist of providing general compliance support. This is a challenging position with high exposure and attention to detail and solid project management skills are essential.

In addition, the position will assist in monitoring remediation and exception activities to ensure they are performed in compliance with our firm’s security policies.

  • Support enforcement of IT policy, procedures and standards
  • Investigate, determine and document GVM scan report findings regarding discovered irregularities, escalate appropriately and determine the cause(s) of and recommend appropriate solutions to any irregularities identified
  • Assist in the designing, documenting and implementation of computer-assisted analysis techniques.
  • Assist in recommending, developing, and implementing changes to procedures and systems used by Security Operations Services to enhance data security
  • Exhibits Global Diversity Awareness
  • Must be able to effectively interact with other IT Services professionals
  • Prioritize, organize, optimize and automate daily operations
  • Managing multicultural project teams in different time zones
  • Strong English language skills in verbal and written communications
  • Strong work interaction with Information Security and within IT Services Operation team
  • Work independently on small projects, as needed.
  • Knowledge and Skills Requirements :

  • Escalates issues to Team Leadership or cross-team staff as required
  • Experience and understanding of databases and data elements to create technical controls
  • Excellent communication, interpersonal, organizational, and project management skills
  • The ability to work effectively on multiple projects simultaneously, in a fast-paced and highly challenging environment
  • Excellent problem-solving skills
  • In depth knowledge of Microsoft Excel’s more advanced functions
  • In depth knowledge of Service Now
  • Working knowledge of Python or cURL
  • In depth knowledge of Spotfire (i.e. analysis tool that delivers the most complete set of analytics, unified on a single, centrally-managed platform)
  • Strong documentation skills required
  • Education :

  • Bachelor's degree in a technical discipline such as Engineering or Computer Science or equivalent work experience in IT and Information Security
  • Experience :

  • Mandatory : Advanced MS Excel skills
  • Desirable :

  • Working knowledge of Service Now
  • Working knowledge of Spotfire
  • Working knowledge of Python or cUrl
  • SQL and SQL database knowledge
  • Knowledge of data sources (i.e. HR, AD, SEP, and SCCM)
  • Knowledge of Identity and Access Management services
  • Certification Requirements :

    Desirable : IT security Certifications (CISO, CISSP, GSEC, Security+ etc.)and ITIL Certifications

    Añadir a los favoritos
    Eliminar de mis favoritos
    Mi Correo Electrónico
    Al hacer clic en la opción "Continuar", doy mi consentimiento para que neuvoo procese mis datos de conformidad con lo establecido en su Política de privacidad . Puedo darme de baja o retirar mi autorización en cualquier momento.
    Formulario de postulación