IT Security Consultant in England - London, United Kingdom

at Ernst & Young

Information Technology
Minimum Qualification
Bachelor's Degree
Required Experience
7 - 10 years
Employment Type
Full Time
Male or Female

Job Description

As a Security Consultant within the global Information Security team, the individual will be a trusted security advisor to a portfolio of IT project teams responsible for delivering business solutions. The Security Consultant will provide security guidance, identify and prioritize security-related requirements, promote secure-by-default designs and facilitate delivery of information security services throughout the system development life cycle (SDLC). The Security Consultant will also be expected to perform risk assessments of information systems and infrastructure, develop appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to IT project teams and management. The successful candidate should have solid background in application and or infrastructure development, broad experience over an array of information security and technical disciplines and be able to provide pragmatic, business-aligned security guidance. The Security Consultant will be expected to work on multiple projects and tasks concurrently. 


· Define and provide pragmatic security guidance that balance business benefit and risks. 

· Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls 

· Perform risk assessments of information systems and infrastructure 

· Maintain and enhance the Information Security risk assessment methodology 

· Define security configuration standards for platforms and technologies 

· Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit 

· Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stake-holders 

· Provide knowledge sharing and technical assistance to other team members 

· Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible portfolios



  • Bachelor's degree in Computer Science or a related discipline, or equivalent work experience
  • Advanced degree preferred

  • Experience:
    Extensive experience in an Information Security or Information Technology discipline with demonstrated experience in one or more the following: 

  • Experience providing and validating security requirements related to cloud security (for private, public and hybrid), web based security, information system design and implementation and a broad range of operating systems and databases
  • Experience conducting risk assessments, architecture reviews, vulnerability assessments, vendor and third party risk assessments and recommending risk remediation strategiesExperience in the use of tools and methods to identify security exposures and business risks
  • Knowledge of common information security standards, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT
  • Knowledge of OWASP top 10 and remediation’s of attacks against web applications. The ability to convey the risks to IT and business stakeholders
  • Familiarity with information system attack methods and vulnerabilities
  • Working experience with the design and engineering of web-based multi-tier information systems and architecture design
  • Working experience with web technologies, application firewalls and programming languages
  • Working experience with operating systems and database platforms
  • Working experience with mobile applications and mobile enterprise application platforms
  • Working experience with more than one of these technologies, i.e. Java, .NET, Oracle, SQL, C++, webSphere, Sharepoint, IIS, Apache, etc
  • Working experience with Cloud solutions

  • Skills:

  • Demonstrated integrity in a professional service environment
  • Ability to work well within global virtual teams
  • Ability to team well with others to facilitate and enhance the understanding & compliance to security policies
  • Ability to work effectively with customers, management, staff members, vendors, and consultants and articulate findings and recommendations
  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
  • Candidates are preferred to hold or be actively pursuing related professional certifications within the GIAC family of certifications or CISSP, CISM or CISA
  •   Apply Now

    Sponsored Jobs in United States

    Ads by Careerslip