About the Role:

EY Israel’s Advanced Security Center (ASC) provides a broad range of cybersecurity services to cross-industry clients.

As a Cybersecurity Consultant within our Governance, Risk, and Compliance (GRC) team, you will play a key role in shaping and enhancing our clients' cybersecurity posture.

Key Responsibilities:

Responsibilities will include to –

Serve as a trusted advisor, collaborating closely with clients to understand their unique challenges and providing expert guidance on cybersecurity and risk management. Manage end-to-end delivery of client engagements, from scoping through execution. Assist clients in developing / enhancing their cybersecurity strategies and multi-year implementation roadmaps, in alignment with their risk landscape. Provide support in the design and implementation of cybersecurity governance frameworks and policies. Conduct comprehensive risk assessments to identify and prioritize cyber risks and develop risk management strategies to mitigate risks effectively. Assist clients in defining risk appetite and tolerance levels aligned to business objectives. Conduct gap assessments to evaluate clients' compliance with relevant standards and frameworks and develop compliance strategies and roadmaps tailored to clients' needs. Support clients in increasing their incident readiness with custom-tailored incident response plans / playbooks and the delivery of tabletop exercises and cyber simulations. Support secure architecture and configuration review for network and security infrastructure and provide recommendations to meet evolving threats. Collaborate on internal innovation initiatives, contribute to the development of new service offerings and the enhancement of existing service methodologies.

 

Your Experience:

You have at least 5 years’ experience working in cybersecurity, with a focus on governance, risk, and compliance. Consideration will be given for equivalent combined experience in an IT, Risk Management or technology management capacity. You have working knowledge of general IT and business processes and familiarity with organizational technology landscapes. Hands-on technology administration is not required, but sufficient familiarity to participate in technical discussions is critical. You have a deep understanding of cyber risk assessment and risk management, and familiarity with cybersecurity- and privacy-related regulatory compliance requirements,  industry standards and frameworks (NIST, PCI, ISO, etc.), and key technical concepts (e.g., networking, protocols, cloud technologies). Preferred: You have demonstrated working knowledge of at least one of the following – SSDLC, secure architecture design, threat modelling, data privacy, AI security, cloud security.

 

Additional Skills:

You have strong analytical and critical reasoning skills, and the ability to analyze complex cybersecurity issues, identify root causes, and identify appropriate solutions. You are self-motivated and an independent learner. You have a strong ability to work collaboratively within a team and build relationships. You are organized and proactive, with strong project management skills and a proven ability to manage concurrent projects and deliver results within budget and on time. You have strong verbal and written communication skills (English and Hebrew) as well as report writing and presentation skills. You are comfortable taking a client-facing role and can effectively convey technical concepts to non-technical stakeholders. A bachelor’s degree in a relevant field and relevant industry certifications (e.g., CISSP, CISM, CRISC) are preferred qualifications; equivalent experience and industry-specific learning will be considered.