As Manager, Information Security, you’ll build valued relationships with external clients and internal peers and develop a portfolio of business by focusing on high impact opportunities. You’ll lead presentations and proposals for moderately complex projects – or for elements of highly complex projects – and provide subject matter insight to bids and proposals.
Drawing on your skills and experience, you’ll create innovative commercial insights for clients, adapt methods and practices to fit operational team and cultural needs, and contribute to thought leadership. In addition, you’ll package overall project findings into clear, concise, high-quality work products. Acting as a subject matter resource on one or more services, you’ll leverage knowledge and experience to shape Ernst & Young’s services to meet client problems.
By driving improvements in business processes, you will lead all aspects of EY’s Information Security Go To Market plan for the selected country/region. While reporting to the MENA Information Security leader, you will be the liaison for local sector teams and work closely with them and other Information Security colleagues to monitor the implementation of the Information Security strategy and Go to Market plan. Your other main responsibilities would be to serve as a subject matter expert for information security topics applicable to EY’s Information Security Strategy.
As a respected senior professional, you’ll communicate effectively with EY’s engagement partners and managers and work to build, manage and motivate high-performing teams. You’ll also help key staff to build sustainable competencies.
Client responsibilities:
► Participate in and, as required, lead Information Security engagements
► Manage the financial aspects of client engagements and communicate significant issues, fees, and estimates-to-complete to partners and clients
► Help partners and directors generate new business opportunities and build client networks and relationships
► Understand all Ernst & Young service offerings and actively identify opportunities to better serve clients
► Build strong internal relationships within Ernst & Young Advisory Services and with other services across the organization
People responsibilities:
► Develop people through effectively supervising, coaching, and mentoring all levels of staff
► Conduct performance reviews and contribute to performance feedback for all levels of staff
► Contribute to people-related initiatives including recruiting, retaining and training IT Risk and Assurance professionals
► Maintain an educational program to continually develop personal skills of all levels of staff
► Understand and follow workplace policies and procedures and communicate these to all levels of staff
Technical skills requirements:
You will have at minimum 6 years of experience in Information Security with subject matter expertise on one or several of the following topics:
– Cyber Security
– Cyber threat management
– Security Operations Centers & Cyber threat intelligence
– Identity Access Management (IAM)
– Information Security management
– Data protection and privacy
You will need to demonstrate success in complex matrix environments such as the one we have in EY with multiple competencies and sectors. You will also need to demonstrate credentials across the whole project cycle including pre-sales and delivery of multi-million projects.
Governance and IT management
IT governance and risk:
Control frameworks such as COSO
Enterprise risk services with a specific focus on IT, and related industry standards
IT risk management framework
Common IT governance and control industry frameworks, including CObIT, RiskIT, ValIT, IT Governance Institute and ISACA good practices
IT industry frameworks such as ITIL and CMM
Project risk:
Robust understanding of program and project management practices
Familiarity with a typical IT systems development life cycle
Experience in developing technical skills specific to a solution, e.g., SAP, Oracle, CRM
Proven business process/analysis skills
IT assurance and compliance
A broad appreciation of business processes, data structures, IT applications and infrastructure, IT processes, and governance and internal control principles.
Depending upon your specific area(s) of focus, you’ll have additional skills and knowledge in:
IT audit in the context of a financial audit, and related regulations, auditing standards and guidelines
Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX
Internal audit services with a specific focus on IT, and related industry standards
Common IT governance, control and assurance industry frameworks, including CObIT, RiskIT, ValIT, IT Governance Institute and ISACA good practices
IT industry frameworks such as ITIL and CMM
Third party reporting standards (particularly SAS 70), other reporting and industry specific standards and, if applicable, trust based standards such as SysTrust and WebTrust
Infrastructure
Technically enabled IT /business transformation, program and project delivery, design, architecture and solution design, information management, implementation, operations, and management of IT infrastructure
Information systems security assessment, design, architecture, implementation
Familiarity with security and risk standards such as ISO 2701-2, PCI DSS, NIST, ITIL, COBIT
Experience of security testing methods and techniques including network, operating and application system configuration review and internal/external penetration testing
An understanding of web-based application vulnerabilities, and experience in application security review and testing
Experience of manual attack and penetration testing above and beyond the running of automated tools
Experience in developing custom scripts or programs (used for port scanning and vulnerability identification)
Applications
Application controls and security experiences involving ERPs:
security modeling
sensitive access and SoD testing
controls testing
Process systems and integrity, including risks and controls within business processes (manual, automated, security)
Additional requirements:
► Demonstrated track record with a blue chip consulting organization and/or a blue chip organization
► Demonstrated experience in business development and account management
► Strong academic record including a degree
► Relevant professional qualifications such as CISA, Prince2, PMI, CISSP, CISM, CA, CIA, CGEIT, MBCI
► Relevant technical qualifications such as MCNE, CCSA, CCSE, CCSP, CNE, RHCE, MCSA
► Proficiency in Arabic is highly desirable
► A transferrable for Saudi applicants would be highly advantageous
► Available to join after July 2015
You’ll have knowledge and experience in one or more of Ernst & Young’s priority industry sectors:
► Government & Public Sector
► Financial Services
► Utilities
► Energy
► Technology
Who we are:
Information technology is one of the key enablers for modern organizations. As one of our information technology risk and assurance professionals, you’ll work with clients to improve the competitive advantage of their IT operations by enhancing efficiency and effectiveness. You’ll help them create and implement processes to identify risks associated with running their systems and find ways to manage those risks. You can expect to work on some of the biggest external and internal audit engagements in the world and we’ll give you the opportunities and support you need to succeed professionally and personally.