Senior Cybersecurity Consultant

About EY

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. At EY GDS, you’ll have the chance to build a career as unique as you are, with global scale, support, inclusive culture, and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY GDS become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

The Opportunity: Senior Cybersecurity Consultant

The objective of our risk consulting services is to provide clients with a candid and reliable overview of their risk landscape. Our solutions can be used by our clients to build confidence and trust with their customers, the overall market and when required by regulation or contract. For our Cyber Risk services, the ideal Senior Cybersecurity Consultant will support engagements focused on testing and validating cybersecurity controls across organizations. This role involves working closely with IT, security teams, and business units to ensure that organizations’ cyber risk posture is aligned with their business objectives and regulatory requirements.

Your Key Responsibilities

• Work closely with client personnel to analyze risk landscapes and information systems, leveraging technical expertise to identify strategic and tactical improvement opportunities.
• Collaborate with engagement teams to plan engagements, develop work programs, timelines, risk assessments, and testing procedures.
• Serve as a fieldwork leader by directing daily testing activities, informing supervisors of engagement status, and managing staff performance.
• Support cyber monitoring and response activities using tools such as CrowdStrike, Splunk, and Microsoft Sentinel.
• Apply a strong understanding of NIST CSF 2.0 in testing execution and reporting.
• Prepare detailed reports and recommendations aligned with US work product quality standards.

Skills and Attributes for Success

• Strong fundamentals across the cybersecurity domain, including cyber risk management, cyber resilience, and security policies and procedures.
• Proven experience performing engagements across strategy and governance, audits, risk assessments, and maturity assessments.
• Strong audit mindset with the ability to design, execute, and evidence control testing across cyber and IT domains; OT exposure is a plus.
• Proven ability to lead multi-location teams, manage risks, and deliver high-quality outcomes within agreed timelines and budgets.
• Strong written and verbal communication skills in English (non-negotiable).
• Ability to manage time effectively and work in US time zones.
• Ability to inspire teamwork, accountability, and responsibility within engagement teams.
• Ability to align cyber and cloud security controls with frameworks and standards such as ISO 27001, NIST CSF, SOC 2, PCI DSS, and privacy expectations.
• Ability to follow defined methodologies, instructions, and testing procedures.
• Ability to complete assigned tasks within agreed timelines and quality expectations.
• Good understanding of network security (firewalls, SD-WAN, familiarity with Vectra AI) is a plus.
• Good understanding of cloud security across Azure, AWS, and GCP is a plus.

To Qualify for the Role, You Must Have

• A bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or a related field.
• Proven 3–6 years of experience in cybersecurity testing or risk assessment.
• Familiarity with regulatory frameworks and compliance standards including ISO 27001, ISO 27017, ISO 42001, NIST CSF.

Ideally, You’ll Also Have

• Certifications such as CISA, CISSP, ISO 27001:2022, CISM, CCNA or AWS/Azure/GCP security certifications are preferred.

Key skills/competency

• Cybersecurity
• Risk Management
• Control Testing
• NIST CSF
• ISO 27001
• Cloud Security
• Splunk
• CrowdStrike
• Microsoft Sentinel
• Audit