Client Security Specialist

Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team helps protect the EY brand and build client trust.

Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value.

The opportunity

The Client Security Assurance team within Information Security is opening a position in Milan, Italy to support EY client requests regarding its information security and data protection program.

The Client Assurance Senior Specialist is responsible for supporting responses to client and regulatory inquiries and activities regarding EY’s information security governance program.  You’ll primarily be responsible for assisting EY engagement teams in addressing client requests regarding the security of EY’s traditional and cloud-based technology solutions used to deliver our professional services while also performing certain security consulting and security liaison activities. Additionally, you’ll be responsible for assisting EY teams in engaging with our regulators by representing EY Information Security in the areas of information security governance and cybersecurity. You’re likely to balance your time between multiple requests and responsibilities, supporting your team on challenging pursuits and engagements while learning about EY’s leading-edge technologies. As part of that, we’ll need you to have a background in information security and technical disciplines and be able to successfully build relationships with team members.

This position requires excellent English and Italian language speaking, reading and writing abilities.

Your key responsibilities

• Contribute to the development, implementation and maintenance of the Client Security Assurance function for your area
• Support inquiries and onsite assessment requests from local regulators regarding the EY governance process, technologies and information security controls
• Support EY engagement teams with client-lead security assessments, inquiries, and onsite reviews regarding EY’s Global Information Security Program
• Identify opportunities and execute plans to improve the security assurance workflow in both the global and local context while quantifying the business impact of those improvements for communication to management
• Engage with technology and business teams within your area to educate them on EY’s Information Security program, guiding them to the right teams and services to support their needs
• Advise, raise awareness and assist project managers and operational staff on the security requirements (technology, process, data management, etc.) to be integrated into each of our projects
• Work independently with minimal oversight from management
• Minimal travel is anticipated for this position

Skills and attributes for success

• Understanding of security related regulatory and data privacy concerns globally
• Familiarity with the data protection requirements of EU GDPR and Italian regulatory bodies such as Garante per la Protezione dei Dati Personali (IDPA)
• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
• Outstanding management, interpersonal, communication, organizational, and decision-making skills

To qualify for the role you must have

• Ten or more years of experience in Information Security or Information Technology disciplines 
• Experience working with common information security standards, such as ISO 27001/27002, NIST, ITIL, COBIT
• Experience with cloud security concepts and enterprise federation services
• Fluency in reading, writing and speaking Italian and English

Ideally, you’ll also have

• An advanced degree in Computer Science, Information Systems, Engineering or a related major
• Professional certifications such as CISSP, GIAC, CISM or CISA
• Experience translating information security concepts into business and technical language

What we look for

• An individual who communicates clearly and with self-confidence
• Ability to understand and integrate cultural differences and work effectively in cross cultural teams
• Demonstrated integrity and judgment within a professional environment
• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
• Outstanding management, interpersonal, communication, organizational, and decision-making skills
• The demonstrated characteristics of a forward thinker and self-motivator who thrives on new challenges and adapts to learning new knowledge