Risk Consulting - Digital Risk - DevSecOps - Senior - Multiple Locations

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

The opportunity  

The objective of our Digital Risk Consulting service is to support clients with the development, implementation, improvement, and modernization of their technology risk and compliance programs to address the constantly changing risk and technology landscape. Our solutions can be used by our clients to build confidence and trust with their customers, the overall market, and when required by regulation or contract.  

Your key responsibilities  

You will operate as a team leader for engagements to help our clients develop and strengthen their IT risk and compliance programs. You will work directly with clients to review their IT processes and controls, remediate and implement controls, onboard new tools and services into risk and compliance frameworks, and assist with the readiness and adherence for new compliance regulations. Your responsibilities include both in-person and remote oversight and coaching of engagement team members, reporting to both senior engagement team members and client leadership, as well as partnering with our key client contacts to complete the engagement work.

What You'll Do

• Designing and implementing solutions to various data related technical/compliance challenges such as DevSecOps, data strategy, data governance, data risks & relevant controls, data testing, data architecture, data platforms, data solution implementation, data quality and data security to manage and mitigate risk.
• Leveraging data analytics tools/software to build robust and scalable solutions through data analysis and data visualizations using SQL, Python and visualization tools
• Design and implement comprehensive data analytics strategies to support business decision-making.
• Collect, clean, and interpret large datasets from multiple sources, ensuring completeness, accuracy and integrity of data.
• Integrating and/or piloting next-generation technologies such as cloud platforms, machine learning and Generative AI (GenAI)
• Developing custom scripts and algorithms to automate data processing and analysis to generate insights
• Applying business / domain knowledge including regulatory requirements and industry standards to solve complex data related challenges
• Analyzing data to uncover trends and generate insights that can inform business decisions

• Build and maintain relationships across Engineering, Product, Operations, Internal Audit, external audit and other external stakeholders to drive effective financial risk management.
• Work with DevSecOps, Security Assurance, Engineering, and Product teams to improve efficiency of control environments and provide risk management through implementation of automation and process improvement
• Bridge gaps between IT controls and business controls, including ITGCs and automated business controls. Work with IA to ensure complete control environment is managed
• Work with emerging products to understand risk profile and ensure an appropriate control environment is established
• Implement new process and controls in response to changes to the business environment, such as new product introduction, changes in accounting standards, internal process changes or reorganization.

What You'll Need

• Experience in data architecture, data management, data engineering, data science or data analytics
• Experience in building analytical queries and dashboards using SQL, noSQL, Python etc.
• Proficient in SQL and quantitative analysis, you can deep dive into large amounts of data, draw meaningful insights, dissect business issues and draw actionable conclusions
• Knowledge of tools in the following areas:
  • Scripting and Programming (e.g., Python, SQL, R, Java, Scala, etc.)
  • Big Data Tools (e.g., Hadoop, Hive, Pig, Impala, Mahout, etc.)
  • Data Management (e.g., Informatica, Collibra, SAP, Oracle, IBM etc.)
  • Predictive Analytics (e.g., Python, IBM SPSS, SAS Enterprise Miner, RPL, Matl, etc.)
  • Data Visualization (e.g., Tableau, PowerBI, TIBCO-Spotfire, CliqView, SPSS, etc.)
  • Data Mining (e.g., Microsoft SQL Server, etc.)
  • Cloud Platforms (e.g., AWS, Azure, or Google Cloud)

• Ability to analyze complex processes to identify potential financial, operational, systems and compliance risks across major finance cycles
• Ability to assist management with the integration of security practices in the product development lifecycle (DevSecOps)
• Experience with homegrown applications in a microservices/dev-ops environment
• Experience with identifying potential security risks in platform environments and developing strategies to mitigate them
• Experience with SOX readiness assessments and control implementation
• Knowledge of DevOps practices, CI/CD pipelines, code management and automation tools (e.g., Jenkins, Git, Phab, Artifactory, SonarQube, Selenium, Fortify, Acunetix, Prisma Cloud)

Preferred:

• Experience in:
  • Managing technical data projects
  • Leveraging data analytics tools/software to develop solutions and scripts
  • Developing statistical model tools and techniques
  • Developing and executing data governance frameworks or operating models
  • Identifying data risks and designing and/or implementing appropriate controls
  • Implementation of data quality process
  • Developing data services and solutions in a cloud environment
  • Designing data architecture
  • Analyzing complex data sets & communicating findings effectively

• Process management experience, including process redesign and optimization
• Experience in scripting languages (e.g., Python, Bash)
• Experience in cloud platforms (e.g., AWS, Azure, GCP) and securing cloud-based applications/services

To qualify for the role, you must have 

• A bachelor's or master's degree 
• A minimum of 3 years of experience working as an IT risk consultant or data analytics experience.   
• Bring your experience in applying relevant technical knowledge in at least one of the following engagements: (a) risk consulting, (b) financial statement audits; (c) internal or operational audits, (d) IT compliance; and/or (e) Service Organization Controls Reporting engagements.
• We would expect for you to be available to travel outside of their assigned office location at least 50% of the time, plus commute within the region (where public transportation often is not available). Successful candidates must work in excess of standard hours when necessary. A valid passport is required. 

Ideally, you’ll also have 

• A bachelor's or master's degree in business, computer science, information systems, informatics, computer engineering, accounting, or a related discipline 
• CISA, CISSP, CISM, CPA or CA certification is desired; non-certified hires are required to become certified to be eligible for promotion to Manager. 

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.