Risk Consulting - Protect Tech - Manager (IT Risk - Application Security)

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

Key responsibilities

The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you should have following skills added below.

• Perform comprehensive Application Security assessments and collaborate with developers to mitigate vulnerabilities.
• Evaluate software architectures to detect potential threats, craft threat models to illustrate possible attack paths, and prioritize security measures.
• Scrutinize developer-written code for security weaknesses, compliance with coding standards, and alignment with best practices, integrating security throughout the development process.
• Execute a suite of security tests, including static (SAST), dynamic (DAST), and interactive (IAST) analyses, to discover and address application vulnerabilities.
• Provide security training to enhance the team's security awareness.
• In critical security incidents, you'll be instrumental in the investigation, containment, and resolution efforts, working alongside incident response teams.
• Guide application onboarding and support developers through the review process, ensuring a smooth integration into our security framework.
• Develop and refine roadmaps and priorities for our Assurance program, focusing on the security of tools and services.
• Lead teams to develop security guidelines and maintain stakeholder relationships.
• Partner with engineering teams and tool owners to proactively embed the Assurance function earlier in the development cycle.
•  Innovate and enhance the Application Risk Assessment program, ensuring continuous improvement.
• Evaluate tools and technologies to identify gaps in data protection and compliance, ensuring adherence to regulatory standards.

To qualify for the role, you must have

• A bachelor’s degree in information technology, Cybersecurity, or Business Management with at least 7 years of experience in product/technical program management, data analysis, or product development, or an equivalent combination of education and experience.
• A minimum of 3 years of experience in managing cross-functional and/or cross-team projects.
• At least 7 years of work experience in technology administration/management, technical risk management, technical risk consulting, and/or software development/engineering.
• Proficiency in coordinating complex process reviews, interpreting results, and clearly articulating findings.
• Possession of at least one relevant industry certification, such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, among others.
• Coding skills ranging from basic to moderate are preferred.
• Prior experience working on an application or service development team is advantageous.
• Excellent written and oral communication skills, with the ability to adjust messaging for different audiences.

EY | Building a better working world 

 
_x000d_ EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

 
_x000d_ Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

 
_x000d_ Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.