At EY, we’re all in to shape your future with confidence.
We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.
Join EY and help to build a better working world.
**The Opportunity**
Our EY Consulting ambition is to become the world’s leading transformation consultants, trusted to help our clients generate long-term value. We’re building world-class capabilities in business, technology and people consulting to help us deliver on EY’s purpose of building a better working world — our firm’s broader ambition to become the world’s most trusted, distinctive professional services organization.
Our clients are at the heart of our new strategy. We’re focused on solving the key issues of our client buyers, building deeper relationships, and making a greater impact. We’re introducing a new go-to-market narrative — Transformation Realized — to help us harness the core drivers of transformation that will create long-term value for our clients.
To achieve this, we are seeking a** Cybersecurity Risk Consultant**to join our **growing Cybersecurity practice**. Our team is part of EY’s Central, Eastern and Southeastern Europe (CESA) cluster, delivering market leading services to organizations across industries in Malta and internationally.
The transformation imperative is urgent, challenging and opportunity-rich, interested to join us?
**Your Key Responsibilities**
As a Cybersecurity Risk Consultant, you will work in a team and / or lead the cybersecurity engagement and projects for our clients. They may include implementation of security solutions for our clients and support clients in their desire to protect their business. You will belong to an international connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience.
Your main responsibilities will be:
- Assist client in evaluating, enhancing, or developing, and managing their:
- Cybersecurity program including technology controls, process controls, and governance, technology risk elements. o Business Continuity and Disaster Recovery Management programs o Data Protection and Privacy
- Threat and Vulnerability Management programs
- Security Incident Detection and Response management programs o Identity and access management programs
- Design and implementation of security policies, procedures, standards, and controls in line with regulation and/or current standards, ISO27001, NIST, SANS etc.
- Implementation of data protection and / or privacy programs to address confidentiality and security of personal data.
- Serve as a trusted advisor, collaborating closely with clients to understand their unique challenges and providing expert guidance on cybersecurity and risk management.
- Manage end-to-end delivery of client engagements, from scoping through execution.
- Assist clients in developing / enhancing their cybersecurity strategies and multi-year implementation roadmaps, in alignment with their risk landscape.
- Provide support in the design and implementation of cybersecurity governance frameworks and policies.
- Conduct comprehensive technology risk and controls assessments to identify and prioritize cyber risks and develop risk management strategies to mitigate risks effectively.
- Assist clients in defining risk appetite and tolerance levels aligned to business objectives.
- Conduct gap and maturity assessments with relevant standards and frameworks and develop compliance strategies and roadmaps tailored to clients' needs (i.e. DORA, NIS2, ISO 27001, etc).
- Collaborate on internal innovation initiatives, contribute to the development of new service offerings and the enhancement of existing service methodologies.
**To qualify for the role, you should have**:
- A BSc. degree in Computer Science, Information Technology, Cyber Security, or a related field.**:
- A MSc. degree in Information Security, Cyber Security or a related field will be considered an advantage.**:
- Up to 3 years of related experience in Information Security / Cybersecurity, with a focus on IT governance and technology risk. Consideration will be given for equivalent combined experience in an IT Risk Management, or Cybersecurity capacity.**:
- A professional qualification such as: CISM, CISA, CRISC, CISSP, ISO 27001, or related.**:
- Knowledge of general IT and business processes and familiarity with organizational technology landscapes.
- Understanding of cyber risk assessment and technology risk management, and familiarity with cybersecurity and privacy-related regulatory compliance requirements, industry standards and frameworks (DORA, NIS2, PCI DSS, ISO 27k, etc.), and key technical concepts (e.g., networking, protocols, cloud technologies).
**Ideally you should also have**:
- Experience in client service delivery and be able to manage multiple engagement teams and projects.**:
- Good project management skills.**:
- E