This job posting isn't available in all website languages
Core Business Services
GLO000R1 Requisition #
Thanks for your interest in the Senior Information Security Specialist (Assistant Director) position. Unfortunately, the link which you have accessed is no longer active. Please CLICK HERE to return to the EY Global careers site and use keywords to search for this job as it still might be active, or you can also review our similar listings and apply.

Key responsibilities:
  • Define and provide pragmatic security guidance that balance business benefit and risks.
  • Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls
  • Perform risk assessments of information systems and infrastructure
  • Maintain and enhance the Information Security risk assessment methodology
  • Define security configuration standards for platforms and technologies
  • Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit
  • Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stake-holders
  • Provide knowledge sharing and technical assistance to other team members
  • Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible portfolios
Knowledge, skills and experience requirements:
  • Demonstrated integrity in a professional environment
  • Ability to team well with others to facilitate and enhance the understanding & compliance to security policies
  • Ability to work effectively with customers, management, staff members, vendors, and consultants and articulate findings and recommendations
  • Strong English communication and writing skills are required
  • Strong judgment and analytical ability
  • Excellent interpersonal, communication, organizational, and project management skills
  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
  • Candidates are preferred to hold or be actively pursuing related professional certifications such as CISSP, CISM or CISA
  • Fluent in speaking and writing in Mandarin and/or Cantonese.
Qualifications, certifications and education requirements:
  • Bachelor's degree in Computer Science or a related discipline, or equivalent work experience
  • Advanced degree preferred
  • Five or more years of experience in an Information Security or Information Technology discipline with demonstrated experience in one or more the following:
  • Experience providing and validating security requirements related to information system design and implementation
  • Experience providing and validating security requirements related to a broad range of operating systems and databases
  • Experience conducting risk assessments, vulnerability assessments, vendor and third party risk assessments and recommending risk remediation strategies
  • Experience in the use of tools and methods to identify security exposures and business risks
  • Knowledge of common information security standards, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT
  • Familiarity with information system attack methods and vulnerabilities
  • Working experience with the design and engineering of web-based multi-tier information systems and architecture design
  • Working experience with web technologies and programming languages
  • Working experience with operating systems and database platforms
  • Working experience with mobile applications and mobile enterprise application platforms
  • Working experience with more than one of these technologies, i.e. Java, .NET, Oracle, SQL, C++, webSphere, Sharepoint, IIS, etc.
  • Working experience with Cloud solutions.
Who we are
EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service while allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.

My Profile

Create and manage profiles for future opportunities.

Go to Profile

My Submissions

Track your opportunities.

My Submissions
Please try again.


Either there was a problem on our end with the action you just performed, or we are currently having technical difficulties with our system. Please try again later.