Risk Consulting - Digital Risk - Senior - Cloud

Job description - Senior – Cloud (Risk Consulting – Digital Risk)

EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. At EY GDS, you’ll have the chance to build a career as unique as you are, with global scale, support, inclusive culture, and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY GDS become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

The opportunity

The objective of our Risk Consulting services is to provide clients with a candid and reliable overview of their risk landscape. Our solutions enable clients to build confidence and trust with customers, regulators, and the broader market.

Within Cloud Risk and Security, this role focuses on leading engagements that assess, test, and validate cloud security and risk controls across AWS, Azure, and Google Cloud Platform environments. The role involves working closely with IT, cloud engineering, security teams, and business stakeholders to ensure that cloud environments are secure, resilient, and aligned with business objectives and regulatory requirements.

Your key responsibilities

• Deliver high-quality client services across cloud security audits, risk assessments, and architecture reviews in AWS, Azure, and GCP environments.
• Execute control testing for identity and access management, encryption and key management, logging and monitoring, and backup and disaster recovery strategies.
• Apply knowledge of cloud-native security tools and industry frameworks to identify risks and control gaps during cloud transformations and migrations.
• Support the use of AI/ML-driven techniques to enhance risk detection and automate compliance and control checks.
• Work closely with client personnel to analyze, evaluate, and improve security controls at both procedural and technology levels.
• Communicate engagement observations, risks, and industry trends to engagement teams and client stakeholders through clear reports, dashboards, and presentations.
• Demonstrate strong technical capability and professional judgment, with the ability to quickly assimilate new cloud technologies and frameworks.

Skills and attributes for success

• Strong understanding of cloud platforms (AWS, Azure, GCP) and their native security services.
• Ability to identify risks associated with cloud transformations and migrations and support the design of appropriate control frameworks.
• Hands-on experience implementing, assessing, and supporting cloud infrastructure security controls.
• Strong written and verbal communication skills, including documentation and report writing.
• Ability to work collaboratively in client-facing environments, managing multiple priorities effectively and delivering to agreed timelines.

Behavioral Skills

• Demonstrates adaptability and agility, with a strong commitment to continuous learning across cloud platforms and emerging technologies.
• Brings an innovation-oriented mindset, leveraging automation and analytics to enhance control testing efficiency and continuous monitoring.
• Actively contributes to practice-building initiatives, including development of accelerators, tools, and reusable assets.
• Communicates effectively and manages stakeholder expectations across technical and business audiences.

To qualify for the role, you must have.

• Bachelor’s or Master’s degree with 3–6 years of relevant experience and, 2–4 years of experience in IT cloud risk and cloud security assessments.
• Good technical understanding of cloud platforms such as AWS, Azure, or Google Cloud Platform.
• Experience designing and assessing IT control frameworks, including IT general controls, application controls, and interface controls for cloud environments.
• Exposure to cloud security audits, architecture reviews, and control testing engagements.
• Strong client-facing experience with the ability to collaborate effectively with IT, security, internal audit, and business stakeholders.
• Cloud-related certifications such as CCSK, or AWS/Azure/GCP security certifications are preferred.

Ideally, you’ll also have

• Familiarity with frameworks and standards such as ISO 27001, NIST CSF, SOC 2, and related regulatory requirements is a plus.
• Experience with DevSecOps, infrastructure-as-code (IaC) security, and policy-as-code practices.
• Exposure to AI/ML applications in risk analytics, control automation, or compliance monitoring.