Risk Consulting - Digital Risk - Manager - Cyber

Job description - Manager – Cybersecurity (Risk Consulting – Digital Risk)

Requisition ID: <TBC>

EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. At EY GDS, you’ll have the chance to build a career as unique as you are, with global scale, support, inclusive culture, and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY GDS become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

The opportunity

The objective of our risk consulting services is to provide clients with a candid and reliable overview of their risk landscape. Our solutions can be used by our clients to build confidence and trust with their customers, the overall market and when required by regulation or contract.

For our Cyber Risk services, the ideal candidate will be responsible for leading engagements focused on testing and validating cybersecurity controls across organizations. This role involves working closely with IT, security teams, and business units to ensure that organizations’ cyber risk posture is aligned with their business objectives and regulatory requirements.

Your key responsibilities

• Operate as a fieldwork leader, assisting clients in identifying, assessing, and monitoring key information security risks.
• Work closely with client personnel to analyze risk landscapes and information systems, leveraging technical expertise to identify strategic and tactical improvement opportunities.
• Collaborate with engagement teams to plan engagements, develop work programs, timelines, risk assessments, and testing procedures.
• Serve as a fieldwork leader by directing daily testing activities, informing supervisors of engagement status, and managing staff performance.
• Support cyber monitoring and response activities using tools such as CrowdStrike, Splunk, and Microsoft Sentinel.
• Apply a strong understanding of NIST CSF 2.0 in testing execution and reporting.
• Prepare detailed reports and recommendations aligned with US work product quality standards.

Skills and attributes for success

• Strong fundamentals across the cybersecurity domain, including cyber risk management, cyber resilience, and security policies and procedures.
• Proven experience leading engagements across strategy and governance, audits, risk assessments, and maturity assessments.
• Strong audit mindset with the ability to design, execute, and evidence control testing across cyber and IT domains; OT exposure is a plus.
• Proven ability to lead multi-location teams, manage risks, and deliver high-quality outcomes within agreed timelines and budgets.
• Strong written and verbal communication skills in English (non-negotiable).
• Ability to manage time effectively and work in US time zones.
• Ability to inspire teamwork, accountability, and responsibility within engagement teams.
• Ability to align cyber and cloud security controls with frameworks and standards such as ISO 27001, NIST CSF, SOC 2, PCI DSS, and privacy expectations.
• Strong written and verbal communication skills in English (non-negotiable).
• Ability to follow defined methodologies, instructions, and testing procedures.
• Ability to complete assigned tasks within agreed timelines and quality expectations.
• Strong project management skills with the ability to deliver high-quality outputs under tight deadlines.
• Good understanding of network security (firewalls, SD-WAN, familiarity with Vectra AI).
• Good understanding of cloud security across Azure, AWS, and GCP.

Behavioral skills:

• Demonstrate adaptability and agility, with a strong commitment to continuous learning and professional development.
• Exhibits end-to-end engagement leadership, delivering security audits and cyber risk assessments across complex environments.
• Brings an innovation-oriented mindset, leveraging AI/ML-driven analytics and automation to enhance risk detection, control testing efficiency, and continuous compliance monitoring.
• Actively contributes to practice-building initiatives, including development of accelerators, tools, and reusable assets.
• Proven ability to lead, mentor, and guide teams to deliver high-quality outcomes.
• Communicates effectively and manages stakeholder expectations across multiple levels of the organization.

To qualify for the role, you must have.

• Bachelor’s or Master’s degree in Information Technology, Cybersecurity, Risk Management, or a related field.
• 7–12 years of experience in cybersecurity testing and risk assessment.
• Professional certifications such as CISSP, CISM, or CRISC (preferred).
• Certifications: ISO 27001:2022, CISM, CISA, CCNA are a plus.
• Familiarity with regulatory frameworks and compliance standards, including ISO 27001, ISO 27017, ISO 42001, NIST CSF.

Ideally, you’ll also have

• Cloud-based certifications such as CCSP, CCSK, or AWS/Azure/GCP security certifications are a plus.
• Experience designing and executing cybersecurity testing programs aligned with NIST CSF 2.0.