We currently are seeking a highly motivated Senior Consultant to support client engagement teams, work with a wide variety of clients to deliver professional services, and participate in business development activities on strategic and global priority accounts. Under the Center of Excellence, our IT Risk Transformation practice focuses on enterprise IT application assessment, Governance, Risk and Compliance (GRC) technology assessment, IT Application and Tool Implementation, and Information Security. We deliver valuable insights and enable better business decisions through improved quality of information. IT Risk Transformation team members deliver world-class information technology advice as part of our broader risk and business improvement services. We provide services such as financial audit IT integration, third party reporting, IT Risk Advisory, information management and analysis and information security. Ernst & Young Advisory Services is a fast-moving, high-growth area with huge potential. It offers variety, challenge, responsibility and the opportunity to realize your leadership potential. Being a member of our Advisory team means you will specialize in a particular competency - Risk, Performance Improvement, or IT Risk & Assurance. Our IT Risk Transformation practice focuses on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. Engagements may be either assurance (attestation) and/or risk advisory in nature, and will vary considerably in size and complexity. IT Risk Transformation teams are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance. In addition to assurance-related engagements such as financial attestation and SAS 70 engagements, our IT risk advisory services focus on IT governance and effectiveness; IT program management and assurance; information security and controls of Enterprise Resource Planning (ERP) implementations; and business intelligence and information analysis. The opportunity is now! If you are interested in being part of a dynamic team, serving clients and reaching your full potential - Ernst & Young Advisory Services is for you! Ernst & Young's Center of Excellence includes our IT Risk Transformation's Information Security sub-service line which provides knowledge in leading practices and methods in the space of information security across multiple industries and sectors. This team helps our clients assess, design, implement and maintain a secure and high performance business environment. Services include:
* Security strategy - Assess, design and implement a security strategy and governance program framework that describes the process, controls, organization and infrastructure to manage information security related concerns.
* Security implementation - Design, implement and integrate security solutions to address enterprise risks and exposures.
* Security governance - Design and implement security policies, procedures and standards that describe pragmatic, risk-based mechanisms to maintain the confidentiality, integrity and availability of information systems and the data processed therein.
* Security monitoring - Design and implement security solutions to monitor the efficiency and effectiveness of security operations, controls and infrastructure. We currently have a career opportunity for a Senior in Data Protection Solutions with demonstrated experience in developing data protection strategies and implementing solutions to provide data security, privacy and integrity.
Manage projects, including developing project plans, defining project goals and objectives, specifying tasks and how goals will be achieved, what resources are needed, and associating budgets and timelines for completion. Ability to contribute to the development of client deliverables and technical content. Ability to identify and resolve complex issues and develop innovative solutions (advisory skills) for the client's business and technology goals. Define technical and business requirements for data protection solutions. Develop business processes and policies related to controlling access to data. Developing data protection strategies, architectures and implementation plans. Implement multiple data protection products such as: Vontu, Vericept, Verdsys Digital Guardian, Websense Content Protection, Safend Protector, Entrust, Secure Computing IronMail, Tumbleweed MailGate, Symark PowerBroker, PGP, Pointsec, Ingrian DataSecure, Decru DataFort, NetlQ, netForensics, Microsoft Rights Management.
To qualify, candidates must have:
* a bachelor's degree and approximately 2 years of related work experience; or a graduate degree and approximately 1-2 years of related work experience
* prefer approximately 2-3 years of technical architecture experience integrating data protection software into clients' infrastructure and applications
* knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection, incident response, security policy creation, enterprise security strategies, architectures and governance
* strong understanding of regulatory requirements and compliance issues affecting clients related to privacy and data protection, such as GLBA, Basel II, EU Data Protection Directive, International Cross Border, and U.S. State Data Privacy Laws.
* developing, implementing or architecting information systems experience
* technical architecture experience integrating data protection software into clients' infrastructure
* working knowledge of operating systems such as Microsoft Windows and Unix and OS/400
* working knowledge of mainframe security packages such as TopSecret, ACF2 and RACF
* working knowledge of relational database management systems such as Oracle, Sybase, and MS SQL Server
* network architecture design, implementation and administration
Demonstrated experience in three or more of the following areas:
* Data leakage/content monitoring and filtering
* Secure messaging/email encryption
* Mobile device security
* Disk, file, device, and database encryption
* Key management/Public Key Infrastructure (PKI)
* Data classification and privacy policies
* Digital Rights Management (DRM)
* Logging, monitoring, and security event management
* Secure information storage The successful candidate must also be willing and able to travel 75% of a work schedule.