EY
Chief Information Security Officer (CISO) - US Government & Public Sector
The complete job description, requirements, and application details are available on the original posting.
About EY
EY (Ernst & Young) is a leading multinational professional services firm and one of the Big Four accounting firms. Established in 1989 through the merger of Ernst & Whinney and Arthur Young & Co., the company has roots dating back to the early 1900s. With over 700 offices in more than 150 countries, EY employs over 190,000 people worldwide. The firm operates in three core segments: Assurance, which includes auditing and financial reporting services; Tax, offering tax advisory and compliance services; and Consulting, which focuses on management and strategy consulting. EY has a strong presence across various industries and is recognized for its significant influence in the professional services sector. The company rebranded to EY in 2013, emphasizing its commitment to "Building a better working world."
Security at EY
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
Stated AppSec Mission: "Secure Creators can innovate and adopt emerging technology without compromising cybersecurity."
Developer Enablement vs. Gatekeeping: "Product engineering teams must successfully implement an operating and sustainable 'DevSecOps' approach"
Risk Philosophy: "Embedding security at the start of a new project is vital"
Stated Pain Points or Goals: "Signal fatigue"
Gaps & Contradictions: Information regarding specific internal 'paved road' documentation is not publicly available.
Security Team
Org Structure & Reporting Line: Information not publicly available.
Key Public-Facing Leaders: Tapan Shah, EY Americas Cybersecurity Managed Services Leader
Team Size Estimate (as_of:):
  LinkedIn Search Query Used: site:linkedin.com/in/ "EY""Application Security"
  Result: Information not publicly available.
Active AppSec Job Postings (as_of:):
  Count: 2
  Common Skill/Tool Patterns: "Ability in writing custom scripting tools (Python, Ansible, PowerShell, etc.)"; "Execute automated test suites as part of CI/CD pipelines".
Gaps & Contradictions: No public data defines the internal reporting line for the Application Security team specifically.
Key Initiatives
Security Champions Program:
  Status: No Evidence Found
"Shift Left" in Practice: "In accordance with the shift-left paradigm, security tests are performed at every stage of application development."
Vulnerability Management Process:
  Intake: "based on recognized industry standards such as OWASP and NIST"
  Triage/Remediation: Information not publicly available.
Secure SDLC Artifacts: "We use proprietary methodologies for our penetration testing and vulnerability management services"
Recent Initiatives (Last 6 Months): Information not publicly available.
Gaps & Contradictions: No public evidence of a formal 'Security Champions' program was found.