
Security Consultant
Experience Level: Senior Level
Full Job Description
EY is seeking a Security Consultant for our Gurgaon, Haryana, India office. In this role, you will be instrumental in providing critical security guidance to IT project teams that are developing and deploying business solutions utilizing cutting-edge market technologies within the Travel, Meeting & Events industry. Your responsibilities will include identifying and prioritizing security requirements, championing secure-by-default design principles, and ensuring the robust security of information systems and infrastructure throughout the entire System Development Life Cycle (SDLC). You will also conduct risk assessments of third-party information systems and infrastructure, develop effective risk treatment and mitigation strategies, and clearly communicate your findings and recommendations to IT project teams, suppliers, and management.
A strong background in application and/or infrastructure development, coupled with extensive experience across various information security and technical disciplines, is essential. You must be capable of providing practical, business-aligned security advice. This position requires the ability to manage multiple projects and tasks concurrently.
About EY Technology
Technology is fundamental to EY's operations and service delivery, enabling our global workforce of over 280,000 people in more than 140 countries to perform their roles efficiently and securely. From individual devices to enterprise-wide systems, technology underpins our connectivity, remote work capabilities, internal tools, and client-facing solutions. EY Technology is organized into three key business units:
- Client Technology (CT): Focuses on innovating new technology services for our clients, accelerating the identification and pursuit of technology-based opportunities.
- Enterprise Technology (ET): Supports our Core Business Services functions by delivering cost-effective, fit-for-purpose technology infrastructure and enhancing the user experience for internal technology needs.
- Information Security (Info Sec): Dedicated to preventing, detecting, responding to, and mitigating cyber risks, thereby protecting EY and client data, as well as our information management systems.
The Opportunity
The Business Enablement Security Consulting group, reporting to the Deputy CISO of Enterprise Workplace Technology, offers a hands-on role focused on the secure design, architecture, and development of applications. A significant portion of this work involves engaging with third parties to procure cloud-based, mobile-enabled services that enhance the EY employee experience. This includes complex Travel solutions, Meeting & Events applications, Ground Transportation services, and Workplace Experience enhancements. These evolving services present opportunities to lead the market with security as a core consideration, aligning with EY's commitment to innovation and global deployment of such services.
As a Security Consultant, you will collaborate directly with Architects, Developers, IAM engineers, Project Managers, Suppliers, and other relevant resources. Through teamwork and mentorship, you will guide teams in delivering secure business solutions. This technical position supports global strategies and architectural visions for the secure design, build, deployment, and operation of business applications and their associated infrastructure.
Your Key Responsibilities
- Serve as an individual contributor supporting multiple project teams in the design, implementation, and certification of security controls across IT systems, including new platforms and products within EY.
- Apply knowledge of various IT system architectures and technologies such as Travel solutions, Meeting & Events applications hosted in different cloud environments with mobile app offerings.
- Support technologies including Identity and Access Management (IAM), network security, firewalls, user account management, audit & logging, and other security concepts aligned with ISO 27001, OWASP, and related security standards.
- Conduct third-party security assessments, evaluate SOC1 and SOC2 reports, and apply principles of vendor risk management.
Skills and Attributes for Success
- Significant working security experience (automation platform experience is a plus) and knowledge in designing, implementing, and operating security controls in at least two of the following areas (Application Security & Mobile Security are preferred):
  - Application Security: Experience designing security controls for multi-tier business solutions, including application-level access and entitlement management, data tenancy and isolation, encryption, and logging. Familiarity with REST API and microservices architecture.
  - Cloud Security: Technical understanding of virtualization, cloud infrastructure, and public cloud offerings, with experience designing security configurations and controls within cloud-based solutions, particularly in Microsoft Azure and Azure PaaS services.
  - Mobile Security: Technical understanding of mobile security standards, platforms, and testing. Experience designing security configurations and controls for mobile device-based solutions. Experience integrating mobile apps with the Microsoft Intune platform is an advantage.
  - Infrastructure Security: Experience integrating common infrastructure security technologies and solutions into business solution architectures, including identity and access management, intrusion detection and prevention, security monitoring, and data encryption solutions.
  - Agile & DevOps Methodologies: Experience as a contributing member of a balanced team within an Agile development or DevOps environment.
  - Identity and Access Management: Experience with Active Directory-based Identity and Access Management and Authorization design, including integration with IDaaS and Federation technologies.
To Qualify for the Role, You Must Have
- Eight or more years of IT industry experience, with a minimum of eight years of relevant experience in Information Security.
- A Bachelor's or Master's degree in Computer Science or a related discipline, or equivalent work experience.
- Experience reviewing mobile applications and platforms, with knowledge of cloud environment setup and common security requirements for such platforms is a plus.
- Proven experience in providing and validating security requirements related to information system design and implementation.
- Experience providing and validating security requirements for a broad range of operating systems and databases.
- Experience conducting risk assessments, vulnerability assessments, vendor and third-party risk assessments, and recommending risk remediation strategies.
- Experience utilizing tools and methods to identify security exposures and business risks.
- Familiarity with information system attack methods and vulnerabilities.
Ideally, You'll Also Have
- Professional certifications such as CISSP, CISM, or CISA, or active pursuit of them, are preferred.
- Knowledge of common information security standards, including ISO 27001/27002, NIST, PCI DSS, ITIL, and COBIT.
- Working experience with the design and engineering of web-based multi-tier information systems and architecture design.
- Working experience with web technologies and programming languages.
- Working experience with operating systems and database platforms.
- Working experience with mobile applications and mobile enterprise application platforms.
- Working experience with more than one of the following technologies: Java, .NET, Oracle, SQL, C++, WebSphere, SharePoint, IIS.
- Working experience with Cloud & Mobile solutions.
What We Look For
- Ability to collaborate effectively with team members to enhance understanding of and compliance with security policies.
- Capacity to work effectively with customers, management, staff, vendors, and consultants, and to articulate findings and recommendations clearly.
- Strong English communication and writing skills.
- Strong judgment and analytical abilities.
- Excellent interpersonal, communication, organizational, and project management skills.
- Flexibility to adapt to multiple demands, shifting priorities, ambiguity, and rapid change.
- Demonstrated integrity in a professional environment.
- Willingness to work within the CET time zone to support US & EU initiatives, with flexibility as required.
What Working at EY Offers
We offer a competitive remuneration package rewarding individual and team performance. Our comprehensive Total Rewards package supports flexible working and career development. Through FlexEY, you can tailor benefits to your needs, including holidays, health and well-being, insurance, savings, and a wide range of discounts and promotions. Additionally, you will benefit from:
- Support, coaching, and feedback from engaging colleagues.
- Opportunities to develop new skills and advance your career.
- The freedom and flexibility to manage your role effectively.
EY is committed to fostering an inclusive employer environment and is happy to consider flexible working arrangements. We aim to achieve the right balance for our people, enabling excellent client service while supporting career growth without sacrificing personal priorities. While client-facing professionals may travel regularly and work on-site at client locations, our flexible working arrangements contribute to lifestyle balance.
EY's mission is to build a better working world, creating long-term value for clients, people, and society, and reinforcing trust in capital markets. Enabled by data and technology, our diverse global teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers to the complex issues facing our world today.
Company
EY
EY is a global leader in professional services, dedicated to building a better working world. With a presence in over 140 countries and a diverse team of approximately 280,000 professionals, EY levera...