Senior InfoSec Consultant

The opportunity

The EY Global Information Security team is looking for new members to help manage security risk using the latest technologies and invent new ways to work. The role involves embedding information security into many new projects as part of EY’s Global Innovations practice.

• Design, develop, and assess all aspects of security for market‑leading regional and global systems primarily based on Cloud technologies.
• Serve as an individual contributor to multiple project teams using Cloud‑based, Agile‑developed systems and CI/CD automation.
• Participate in design, implementation and certification of security controls across solutions, with knowledge of IT system architecture and emerging technologies (AI, Blockchain, Quantum, etc.).
• Support the application of ISO 27001/27002, OWASP and related standards, and provide guidance for SOC 1/SOC 2 and vendor risk management.

• Hands‑on experience with AI security technologies, Gen AI and LLMs.
• Experience designing and enforcing security protocols for blockchain technologies.
• Agile & Dev Ops; a contributing member of a balanced team in an Agile or Dev Ops environment.
• Cloud Security:
  Virtualization, public cloud offerings, and designing security configuration for Microsoft Azure and Azure PaaS services (SQL, Service Bus, Service Fabric, Data Lake, PowerBI).
• Application Security: design of security controls for multi‑tier solutions, entitlement management, data tenancy, encryption, logging, REST API and microservices architecture.
• Infrastructure Security: integration of identity & access management, intrusion detection, security monitoring, data encryption.
• Open‑source web technologies and programming languages, with info‑Sec code review.
• Experience in Microsoft Azure environments and PaaS/SaaS architecture, including AI, Blockchain, Quantum, Metaverse subjects.
• Knowledge of IAM, network security, firewalls, audit, logging as outlined in ISO 27001/27002, OWASP and regional standards.
• Advanced degree in Computer Science or equivalent experience; CISSP, CCSP, CISM or similar certifications preferred.
• Strong communication skills to engage stakeholders from developers to business leaders.

• Operational Security: defining operational models and procedures for business solutions.
• Information Security Standards: knowledge of ISO 27001/27002, CSA and CIS Controls.
• Cloud security certifications such as AZ‑500 Azure Security Engineer.
• Product Management experience working with broader business teams on security across all phases.

Passion for information security and a demonstrated ability to apply knowledge to emerging technologies supporting a global professional services firm.

• Comprehensive compensation and benefits; base salary in the U.S. ranges from $128,100 to $239,600, with higher ranges for NYC, Washington, and California regions.
• Medical and dental coverage, pension and 401(k) plans, and paid time off.
• Hybrid work model: most client‑serving roles work in person 40‑60% of the time during engagements.
• Flexible vacation: employees decide how much time off they need, plus EY Paid Holidays and additional leave options.

EY accepts applications for this position on an ongoing basis.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.

EY is committed to providing reasonable accommodation to qualified individuals with disabilities, including veterans. If you require assistance applying online or accommodation during the application process, contact 1‑800‑EY‑HELP3 or email