Senior, Cloud Risk

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

JOB DESCRIPTION--Senior –EGRC- Cloud Risk

Job Summary

Cloud Risk focuses on proactively identifying and managing risks across the cloud environment in real-time, to enable business functionality and provide operational stability. Bringing Cloud Risk to life requires actions beyond refining existing Cloud methodologies and operating models. In this role, you will advise clients in identifying and managing Cloud security risks to their IT environments. You’ll also identify potential business opportunities for EY within existing engagements and enable new wins.

Responsibilities

• Develop an understanding of client’s cloud architecture and platforms, current transformation efforts, process execution, and/or culture and skillsets across competencies including, but not limited to Technology and Data Public and Hybrid Cloud Technologies, Data Governance, Tech Transformation, and Path to Production/Tech Change Management.
• Understand the implications that are driving the increased level of risk for each identified risk contributor; consider risk impacts that directly affect the client’s desired target state and how these risks can be mitigated using a combination of technology and process enhancements.
• Develop a strategy to Derisk the Cloud environment across current risk contributors; identify interaction points between the Derisk IT strategy and current IT and risk strategies; prioritize any elements of the strategy that introduce new risks.
• Establish Cloud process, risk, and control metrics that prioritize high-risk services and capabilities and are designed to be monitored, ensuring risk reduction can be accurately measured in real time
• Lead risk assessments and control testing for applications and workloads being migrated to Cloud, to identify potential security risks and compliance gaps.
• Ensure that cloud services adhere to applicable laws, regulations, and industry standards (e.g., GDPR, PCI-DSS, ISO/IEC 27001, NIST).

People responsibilities

• Foster teamwork, quality culture and lead by example.
• Train and mentor, the project resources and team members
• Right attitude towards teaming, ownership, and knowledge sharing
• Prepare reports and schedules that will be delivered to clients and other parties.
• Develop and maintain productive working relationships with client personnel.
• Planning and monitoring of the project deliverables for the team
• Mentor the project team in executing the project deliverables.
• Regular status reporting to the project manager and onsite coordinators
• Good verbal and written communication skills

Mandatory skills requirements

• 3-8 years of experience in the field of technology and technology risk management
• Ability to identify risks within IT and business processes and design appropriate controls to mitigate risks
• Experience in various IT service management, change management and application development tools (e.g. JIRA, GitHub, etc.)
• Experience of embedding security and privacy controls into information systems design
• Experience of using key risk indicators and key performance indicators to manage technology infrastructure risks

Preferred skills

• Strong understanding of the cloud service provider landscape, cloud-native security tools, and features in AWS, Azure, GCP and other cloud providers.
• Profound knowledge of industry benchmarks and best practices for cloud computing, including the CIS, CSA CCM, FFIEC, FedRAMP, etc.
• Basic understanding of Generative AI technologies and their implementations across major cloud service providers like Azure, AWS and GCP.
• Relevant professional qualifications such as M. Tech, MCA, MS, MBA-IT or B.E/B. Tech (Electronics, Electronics & Telecommunications, Comp. Science)

Certifications (Preferred)

• Relevant professional certifications such as CCSP, CCSK, CISM, CRISC, CISA, etc.
• Cloud certifications for AWS, Azure and GCP and/or relevant cloud security certifications.
• Certifications in any tools such as ServiceNow, Jenkins, JIRA, Terraform, GITHUB, etc.

EY | Building a better working world 

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.