Senior InfoSec Consultant
About the role
The EY Global Information Security team is looking for a Senior InfoSec Consultant to lead the design, development, and implementation of security controls for market-leading regional and global systems based primarily on Cloud technologies. This role involves working closely with client engagement teams and technologists worldwide to support digitally-enabled services leveraging leading technologies like AI, Blockchain, and Cloud Security.
Responsibilities
- Design, implement, and operate security controls for cloud-based systems and solutions.
- Develop and enforce security protocols for blockchain technologies and applications.
- Collaborate with agile and DevOps environments to ensure security practices align with project timelines.
- Support the integration of security measures into multi-tier business solutions, including application-level access and entitlement management, data tenancy and isolation, encryption, and logging.
- Work with CI/CD pipelines for automated deployment and ensure compliance with ISO27001/2, OWASP, and related regional security standards.
- Manage third-party security assessments and understand the applicability of SOC1 and SOC2 reports, as well as vendor risk management.
Requirements
- Significant working security experience and knowledge in designing, implementing, and operating security controls in areas such as AI security technologies, blockchain, cloud security, application security, and infrastructure security.
- Experience with Agile & DevOps Methodologies, Cloud Security (Microsoft Azure), Application Security, and Infrastructure Security.
- Advanced degree in Computer Science or a related field; CISSP, CCSP, CISM, or similar security certifications preferred.
- Strong communication skills and ability to work with stakeholders ranging from developers to architects to business leaders.
Skills
- Hands-on experience with developing and implementing AI security technologies, especially Gen AI and rapid-growing LLMs.
- Experiences with designing and enforcing security protocols for blockchain technologies and applications.
- Experience with cloud security, including virtualization, cloud infrastructure, and public cloud offerings.
- Understanding of IT system architecture concepts and supporting technologies such as IAM, network security, firewalls, user account management, audit and logging.
- Working experience with open-source web technologies and programming languages, particularly in InfoSec Code Review.
- Knowledge of operational security, information security standards, and cloud security certifications.
- Product management experience, working with broader business teams on security-related activities.
Benefits
Comprehensive compensation and benefits package including medical and dental coverage, pension, and 401(k) plans, along with a flexible vacation policy and a range of paid time off options.
Pay
$128,100 to $239,600 base salary range for the US, with a higher range for New York City Metro Area, Washington State, and California (excluding Sacramento).
Schedule
Hybrid model with most people in external, client-serving roles expected to work together in person 40-60% of the time over the course of an engagement, project, or year.