Security Vulnerabilities & Compliance Specialist
EY Technology :
Technology has always been at the heart of what we do and deliver at EY.We need technology to keep an organization the size of ours workingefficiently.
We have 250,000 people in more than 140 countries, all of whomrely on secure technology to be able to do their job every single day.
Everything from the laptops we use, to theability to work remotely on our mobile devices and connecting our people andour clients, to enabling hundreds of internal tools and external solutionsdelivered to our clients.
Technologysolutions are integrated in the client services we deliver and is key to usbeing more innovative as an organization.
EY Technology supports our technology needs through three businessunits :
ClientTechnology (CT) - focuses on developing new technology services for ourclients. It enables EY to identifynew technology-
based opportunities faster, and pursue those opportunities morerapidly.
Enterprise WorkplaceTechnology (EWT) EWT supports our Core Business Servicesfunctions and will deliver fit-for-purpose technology infrastructure at thecheapest possible cost for quality services.
EWT will also support our internaltechnology needs by focusing on a better user experience.
Information Security (Info Sec) - Info Sec prevents, detects, responds andmitigates cyber-risk, protecting EY and client data, and our informationmanagement systems.
Under limitedsupervision, the Analyst is responsible for maintaining and supporting ourglobal services by conducting compliance reporting analysis in accordance withInformation Security and Security Operations Services policies for the firm’s network.
Using the scanning results from the Qualys Guard platform, a proven industryleader in vulnerability scanning, the analyst will evaluate and rank accordingto a Qualys defined severity level (i.
e. monthly Zone 1 internal scananalysis and Zone 2 external scan analysis). In addition, the GVM analystprovides vulnerability management, situational awareness and network discoveryanalytics to EY organizations promoting proactive countermeasures and controlsagainst possible exposure in accordance with the EY Global Information SecurityPolicy (i.
e. patches, policy configurations, and weaknesses in deployedapplications and infrastructure). Furthermore, continue to grow the service byassessing current processes and procedures to ensure they make sense and towork with stakeholders to provide improved automation processes where we canadd value and assist in remediation efforts of discovered vulnerabilities.
Additionally,the senior analyst will provide vulnerability management coordination supportfor any 3rd party reputational websites, 3rd party auditsand any Information Security projects that impact the Vulnerability remediationteam or software applications managed by the Vulnerability Remediation team.
This position provides direct, day-to-day compliance support to key business units, and at times, general support for centralized initiatives.
A significant portion of the workflow will consist of providing general compliance support. This is a challenging position with high exposure and attention to detail and solid project management skills are essential.
In addition, the position will assist in monitoring remediation and exception activities to ensure they are performed in compliance with our firm’s security policies.
Knowledge and Skills Requirements :
Certification Requirements :
Desirable : IT security Certifications (CISO, CISSP, GSEC, Security+ etc.)and ITIL Certifications