Senior Security Consultant – Mobile and Infrastructure

Join our Core Business Services (CBS) team and you will help support the important business enablement functions that keep our organization running strong. As a CBS professional, you will work across teams to provide the knowledge, resources and tools that help EY deliver exceptional quality service to our clients, win in the marketplace and support EY’s growth and profitability. Major teams within CBS include Finance, Information Technology, Human Resources, Enterprise Support Services, Brand Marketing and Communications, Business Development, Knowledge and Risk Management.
With so many offerings, you have the opportunity to develop your career through a broad scope of engagements, mentoring and formal learning. That’s how we develop outstanding leaders who team to deliver on our promises to all of our stakeholders, and in so doing, play a critical role in building a better working world for our people, for our clients and for our communities. Sound interesting? Well this is just the beginning. Because whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.


Job Summary:


As a Senior Security Consultant, the individual will provide security guidance to internal IT project teams responsible for delivering business solutions. The Information Security Consultant will identify and prioritize security-related requirements, promote secure-by-default designs and ensure information systems and infrastructure will be secured throughout system development life cycle (SDLC).


Essential Functions:


The Information Security Consultant will also be expected to perform risk assessments of information systems and infrastructure, develop appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to IT project teams and management. The successful candidate must have solid background of security devices and controls used in the infrastructure development of information systems .  The Information Security Specialist will be expected to work on multiple projects and tasks concurrently.


Knowledge and Skills Requirements:


• A minimum of 8-10 years of experience in an Information Security or Information Technology discipline

• One or more years of experience with mobile device security: iOS, Android, mobile applications, mobile forensics analysis, mobile application security analysis, mobile device attack and penetration testing, and secure application development (native, hybrid or HTML5).

• One or more years of experience with Enterprise Mobility Management (EMM): Mobile Device Management, (MDM), Mobile Application Management (MAM), Mobile Enterprise Application Platform (MEAP), Mobile Application Development Platform (MADP), Enterprise App Store (EAS), HTML5, and BYOD.

• Working experience in performing security assessments of applications or mobile applications.

• Experience in supporting acquisition related activities

Experience defining security control requirements related to IT infrastructure and multi-tier information systems.

• Develop appropriate risk treatment and mitigation options to address security risks identified during security review or assessments

• Knowledge of common information security standards and risk methodologies, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT

• Ability to document business and technical requirements, reports, MSB’s, and presentations.

• Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stake-holders

• Ability to team well with others to facilitate and enhance the understanding & compliance to security policies

• Excellent interpersonal, communication, organizational, and project management skills

• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change 




• Bachelor’s degree in Computer Science or a related discipline, or equivalent work experience




• Candidates are preferred to hold or be actively pursuing related security professional certifications such as CISSP, CISM or CISA


Leave a Reply