Apply now »

Consulting - FSO - Senior - Beijing

Location:  Beijing
Other locations:  Primary Location Only
Salary: Competitive
Date:  Jan 13, 2022

Job description

Requisition ID:  55501

Description - External


Excellent career opportunity with Ernst & Young:


Ernst & Young is one of the leading global professional services organizations with 167,000 staff around the world.  We are proud of our people culture which we believe sets us apart in the profession.  Ernst & Young helps you achieve your best by providing great learning and career growth opportunities, by offering ways to help you achieve satisfaction in work and life, and by looking at each decision with a keen eye toward how it will affect you.


Job summary:


Cyber Security's engagements focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks.  Engagements may be either assurance (attestation) and/or risk advisory in nature, and vary considerably in size and complexity. In addition to assurance-related engagements such as financial attestation and SAS 70 engagements, our IT risk advisory services also focus on IT governance and effectiveness, IT program management and assurance, security and controls of ERP implementations, and business intelligence and information analysis.


  • Collaborate with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments, and other planning documents.  Work with the engagement team to document the business processes dependent on information technology.  Serve as a fieldwork leader by directing the daily progress of fieldwork, informing supervisors of engagement status, and managing staff performance;
  • Demonstrate and apply a thorough understanding of complex information systems.  Use knowledge of the current IT environment and industry IT trends to identify the engagement and client service issues, and communicate this information to the engagement team and client management through written correspondence and verbal presentations;
  • Demonstrate and apply strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology and tools to enhance the effectiveness of deliverables and services;
  • Demonstrate expert ability to identify and analyze business and user requirements, develop, present and demonstrate professional solutions to prospective customers based on detailed customer requirements;
  • Prepare and conduct proposal presentations, demonstrations and participate in marketing and promotional activities (workshop, seminar, training and speech etc.);
  • Perform planned and ad-hoc security reviews to ensure compliance with existing policies;
  • Lead team to provide information security advisory services on risks and security best practice.


Responsibilities, Qualifications, Certifications - External



  • University graduates in Information Systems / Computer Science and Accounting
  • A minimum of 2~3 years of relevant experience with reputable international accounting firms; or experience in IT operations, holding ITIL and/or ISO20000 certificate; or experience in initiating, maintaining and monitoring information security policies, processes and procedures in enterprise according to ISO 17799/27701 and conducting information security risk assessment and treatment programs.
  • IT audit experience on general controls review, application controls review and data analysis using audit commands language
  • Ability to review ERP systems (e.g. SAP and Oracle Financials) is an advantage
  • Good skill set in Banks & Insurances & Securities business, system integration, project management, or cloud computing;
  • IT 咨询: IT 规划(网络,基础架构,数据和应用规划), IT 流程管理 IT管理体系, ITIL
  • IT风险: IT风险管理, 信息安全 (安全规划,安全技术, 数据安全, 应用和网络安全,云安全等)
  • 业务安全/渗透测试/银行证券保险类型网站安全/安全产品,(WAF/TD)日志做全面分析/应急响应/Data Security/Cloud Security/penetration testing/vulnerability management/incident response/jave, python, docker/OWASP10


  1. Application security
  2. Penetration test
  3. Vulnerability scan
  4. CEH
  5. CISSP


  1. Sales Engineer (售前)
  2. Data loss prevention (DLP)
  3. IAM
  4. SIEM
  5. Security operation center (SOC)
  6. Incident response


  • 具有等级保护咨询及测评经验的
  • 35年以上相关工作经验者


  • 具有35年以上信息安全运营(安全监控,安全事件响应,安全事件分析等)经验
  • 熟悉主流SOCSIEM平台包含SplunkLogRhythm, McAfee, ArcSight
  • 具有设计实施SOC及相关者优先

Apply now »