Risk Consulting - Digital Risk - Senior - Cyber

Job description - Senior – Cybersecurity (Risk Consulting – Digital Risk)

EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. At EY GDS, you’ll have the chance to build a career as unique as you are, with global scale, support, inclusive culture, and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY GDS become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

The opportunity

The objective of our risk consulting services is to provide clients with a candid and reliable overview of their risk landscape. Our solutions can be used by our clients to build confidence and trust with their customers, the overall market and when required by regulation or contract.

For our Cyber Risk services, the ideal candidate will support engagements focused on testing and validating cybersecurity controls across organizations. This role involves working closely with IT, security teams, and business units to ensure that organizations’ cyber risk posture is aligned with their business objectives and regulatory requirements.

Your key responsibilities

• Work closely with client personnel to analyze risk landscapes and information systems, leveraging technical expertise to identify strategic and tactical improvement opportunities.
• Collaborate with engagement teams to plan engagements, develop work programs, timelines, risk assessments, and testing procedures.
• Serve as a fieldwork leader by directing daily testing activities, informing supervisors of engagement status, and managing staff performance.
• Support cyber monitoring and response activities using tools such as CrowdStrike, Splunk, and Microsoft Sentinel.
• Apply a strong understanding of NIST CSF 2.0 in testing execution and reporting.
• Prepare detailed reports and recommendations aligned with US work product quality standards.

Skills and attributes for success

• Strong fundamentals across the cybersecurity domain, including cyber risk management, cyber resilience, and security policies and procedures.
• Proven experience performing engagements across strategy and governance, audits, risk assessments, and maturity assessments.
• Strong audit mindset with the ability to design, execute, and evidence control testing across cyber and IT domains; OT exposure is a plus.
• Proven ability to lead multi-location teams, manage risks, and deliver high-quality outcomes within agreed timelines and budgets.
• Strong written and verbal communication skills in English (non-negotiable).
• Ability to manage time effectively and work in US time zones.
• Ability to inspire teamwork, accountability, and responsibility within engagement teams.
• Ability to align cyber and cloud security controls with frameworks and standards such as ISO 27001, NIST CSF, SOC 2, PCI DSS, and privacy expectations.
• Strong written and verbal communication skills in English (non-negotiable).
• Ability to follow defined methodologies, instructions, and testing procedures.
• Ability to complete assigned tasks within agreed timelines and quality expectations.
• Good understanding of network security (firewalls, SD-WAN, familiarity with Vectra AI) is a plus.
• Good understanding of cloud security across Azure, AWS, and GCP is a plus.

To qualify for the role, you must have.

• A bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or a related field
• Proven 3–6 years of experience in cybersecurity testing or risk assessment.
• Certifications: ISO 27001:2022, CISM, CISA, CCNA are a plus.
• Familiarity with regulatory frameworks and compliance standards including ISO 27001, ISO 27017, ISO 42001, NIST CSF

Ideally, you’ll also have

• Certifications such as CISA, CISSP, or AWS/Azure/GCP security certifications are preferred.