Cybersecurity Consultant - Governance, Risk, and Compliance Team

Ernst & Young

About the Role:

EY Israel’s Advanced Security Center (ASC) provides a broad range of cybersecurity services to cross-industry clients.

As a Cybersecurity Consultant within our Governance, Risk, and Compliance (GRC) team, you will play a key role in shaping and enhancing our clients' cybersecurity posture.

Key Responsibilities:

Responsibilities will include:

  • Serve as a trusted advisor, collaborating closely with clients to understand their unique challenges and providing expert guidance on cybersecurity and risk management.
  • Manage end-to-end delivery of client engagements, from scoping through execution.
  • Assist clients in developing / enhancing their cybersecurity strategies and multi-year implementation roadmaps, in alignment with their risk landscape.
  • Provide support in the design and implementation of cybersecurity governance frameworks and policies.
  • Conduct comprehensive risk assessments to identify and prioritize cyber risks and develop risk management strategies to mitigate risks effectively.
  • Assist clients in defining risk appetite and tolerance levels aligned to business objectives.
  • Conduct gap assessments to evaluate clients' compliance with relevant standards and frameworks and develop compliance strategies and roadmaps tailored to clients' needs.
  • Support clients in increasing their incident readiness with custom-tailored incident response plans / playbooks and the delivery of tabletop exercises and cyber simulations.
  • Support secure architecture and configuration review for network and security infrastructure and provide recommendations to meet evolving threats.
  • Collaborate on internal innovation initiatives and contribute to the development of new service offerings and the enhancement of existing service methodologies.

Your Experience:

  • You have at least 5 years’ experience working in cybersecurity, with a focus on governance, risk, and compliance. Consideration will be given to equivalent combined experience in an IT, Risk Management or technology management capacity.
  • You have working knowledge of general IT and business processes and familiarity with organizational technology landscapes.
  • Hands-on technology administration is not required, but sufficient familiarity to participate in technical discussions is critical.
  • You have a deep understanding of cyber risk assessment and risk management, and familiarity with cybersecurity- and privacy-related regulatory compliance requirements, industry standards and frameworks (NIST, PCI, ISO, etc.), and key technical concepts (e.g., networking, protocols, cloud technologies).
  • Preferred: You have demonstrated working knowledge of at least one of the following – SSDLC, secure architecture design, threat modelling, data privacy, AI security, cloud security.

Additional Skills:

  • You have strong analytical and critical reasoning skills, and the ability to analyze complex cybersecurity issues, identify root causes, and identify appropriate solutions.
  • You are self-motivated and an independent learner.
  • You have a strong ability to work collaboratively within a team and build relationships.
  • You are organized and proactive, with strong project management skills and a proven ability to manage concurrent projects and deliver results within budget and on time.
  • You have strong verbal and written communication skills (English and Hebrew) as well as report writing and presentation skills.
  • You are comfortable taking a client-facing role and can effectively convey technical concepts to non-technical stakeholders.
  • A bachelor’s degree in a relevant field and relevant industry certifications (e.g., CISSP, CISM, CRISC) are preferred qualifications; equivalent experience and industry-specific learning will be considered.
Confirmed 21 hours ago. Posted 13 days ago.