- Esperienza
- 2–7 anni
- Stipendio
- —
- Aperture
- 1
- Pubblicato
- 5 ore fa
- Modalità di lavoro
- In ufficio
- Istruzione
- Graduate
- Requisiti di ammissibilità
- Graduates or postgraduates in CS, IT, Electronics, Electronics & Telecommunications, MBA, or M.Sc. with 2 to 7 years of relevant experience in security, risk, or audit-related work.
- Riprendere
- È necessario candidarsi
Dove lavorerai
Descrizione del lavoro
About the opportunity
EY is hiring an Analyst for its Technology Risk team in Noida. This role offers a chance to contribute to a growing service line within a well-established global firm while working on assignments that involve technology risk, security, and control evaluation.
What you will do
- Assess controls across a portfolio and judge whether they are designed well, operate effectively, and support the intended risk outcomes; raise issues whenever gaps are found.
- Make sure every assigned control review is completed accurately, follows internal policies and templates, satisfies quality standards, and is delivered on schedule in line with the assessment plan.
- Carry out and oversee testing for a wide range of controls, including ITGC, ITAC, system architecture, operating systems, databases, networks, security tools, cloud services, asset inventories, incident response, recovery management, ISO 27001 and NIST reviews, privacy checks, cyber maturity reviews, IT policy reviews, and SDLC reviews; step in to resolve or redirect escalations when needed.
- Coordinate with control owners and other stakeholders to keep reviews moving smoothly, reduce friction, and obtain support when required.
- Use sound judgment and risk concepts to identify issues, shape findings, and offer practical recommendations that help clients improve processes and manage operational and strategic risk.
- Review IT policies and standards and verify that they align with relevant industry benchmarks.
- Partner closely with cross-functional teams and build strong working relationships while leading IT security and GRC-related projects.
- Keep up to date with applicable regulations, emerging risks, and best practices, and help spread awareness across the organization.
- Work with control frameworks such as COSO and internal control principles, along with related regulations including SOX and J-SOX.
- Be familiar with major industry frameworks and standards such as ISO 27001, NIST, PCI-DSS, SOX, FDA, HIPAA Privacy, HIPAA Security, and the HITECH Act.
- Understand third-party reporting standards, especially SSAE16, and other industry-specific or trust-based standards such as SysTrust and WebTrust.
Skills and attributes for success
- Guide team members, share knowledge, and help execute procedures, especially when the work involves complex or specialized issues.
- Work with both the team and the client to plan engagement activities and create a delivery strategy that meets professional standards and addresses engagement risks.
- Bring experience in information security assessments, including business continuity audits, network security audits, and infrastructure reviews.
- Conduct NIST and ISO assessments, privacy impact audits, data privacy and GDPR implementation work, data inventory development, and third-party risk assessments.
- Maintain strong client relationships by managing expectations around deliverables, timelines, and work products.
- Show a solid understanding of complex information systems and apply that understanding to client situations.
- Use industry knowledge to spot technology trends and assess their effect on the client’s business.
- Demonstrate strong project management capability, encourage teamwork, and use modern tools and technology to improve delivery quality.
- Understand EY’s service lines and evaluate how the firm can best support client needs.
Eligibility and experience
Applicants should be graduates or postgraduates with a background in CS, IT, Electronics, Electronics & Telecommunications, MBA, or M.Sc., and must have 2 to 7 years of relevant experience.
Experience in at least one of these areas is required: ISO assessments, NIST assessments, data privacy audits, network and infrastructure audits, cyber maturity assessments, IT policies and standards assessments, IAM and IT asset management, or IT health checks.
Preferred background
- Strong understanding of program and project management practices.
- Familiarity with the software development life cycle.
About EY
EY works with organizations ranging from early-stage businesses to large global enterprises. The company emphasizes learning, coaching, hands-on experience, and personal growth. Team members are supported through ongoing feedback, opportunities to build new capabilities, and the flexibility to approach their work in a way that suits them best.
What EY offers
- Support, coaching, and feedback from experienced colleagues.
- Opportunities to build new skills and move forward in your career.
- Flexibility and autonomy in how you manage your role.