Clara Luya is an impressive Cybersecurity Manager at EY Australia. Her focus areas include Cyber governance, Cyber transformation, Cyber threat management, Threat intelligence and Digital disruption.
Clara grew up in China. She lived in the United States and has worked in the Asia-Pacific and Africa. She commenced her career in the banking and financial services sector in Sydney. Clara worked with different consultancy firms from the Big 4, a technology specialist and a boutique consulting company. Working in professional services which enabled her to gain focused industry experience in addition to consulting.
She is part of the EY Risk Advisory team so she spends the majority of her time working with the business to understand their needs and provide advice on Information & Communications technology related matters such as security strategy, risk management, cyber transformation and cyber governance. "The work can certainly be very hands-on at times," explains Clara. "For example, I've managed a team designing and proposing security operating models and have been involved in identifying a security transformation program for clients. I've also been involved in data breach and data leakage investigation, working alongside our Forensic Investigation team."
Clara has provided many impressive achievements for EY, one of which was to lead a team to design and recommend a security operating model for a client who operates in a federated environment. "We worked with the CIOs of each entity to define the security maturity and service capabilities in order to build a clear understanding of the operating model. We also negotiated on behalf of each entity to develop the contractual agreements between the entities. Needless to say, it was a complex and high profile engagement," says Clara.
Being passionate about strategic governance, what Clara found very satisfying about this work was that it allowed her to make a real and tangible impact in the community. Working with other parts of the business, such as Legal, during the contract development also provided significant experience for Clara.
When asked about EY as an employer, Clara declares that "EY is the best place to work". She believes that what makes EY stand out amongst competitors is its people. "We've so many talented and driven people in EY who are eager to make a difference. The work culture that these people create is so very rich, encouraging and satisfying. People at EY are not only exceptionally good at the detailed, technical stuff but they also have the ability to listen, engage a business and dedicate themselves to develop the best solution." Clara also believes that there's a strong openness throughout the working environment. "If anyone has a question, there'll always be a person nearby who is ready to help. At EY, we collaborative on ideas and options to deliver the common goal which is “building a better working world”.
Moving to EY from another Big 4 firm, Clara wasn’t expecting many changes. However, her experience with EY has been very refreshing and energising. "Prior to joining EY, I was heavily focusing on technology consulting and managing large system implementations. At EY, I really enjoyed the learning curve that bridged my experience with new areas in relation to cybersecurity advisory work. I got to see how an idea or vision or requirement translates into a tangible solution that can benefit the organisation," explains Clara.
Since joining EY, Clara has enjoyed learning how to work with business step by step throughout cyber assessment security reviews. She invests in the relationships with business to support them in their journey of transforming their cyber capabilities. "The strong relationship, rich experience and insight that I get from building the relationships with the business over time is one of the best parts," comments Clara." I'm passionate about what I do and enjoy the challenge in looking for ways to get things 100% correct. And my happy disposition means I'm always cheerful and that I enjoy motivating others. I like to spend time getting to know who I'm working with. I take on responsibilities and I'm always fully committed to what I do. Thankfully these are all qualities that EY values as an employer.
Cybersecurity may be seen as a male dominated industry because presently there are fewer women in the space. But Clara believes that women shouldn't be discouraged and that there are increasingly more professional opportunities available. "Women should not be afraid to challenge conscious and unconscious bias if they encounter it in their workplace. Self-respect is important and reinforcing inclusive behaviours is key," says Clara.
Flexibility can sometimes be key for women as they forge a career while raising a family. "EY as an organisation is particularly supportive of its female employees during the process of starting a family, or returning back to the workforce. After speaking with colleagues who work flexibly at EY, I can clearly see how flexible working arrangements have made a significant difference to both their professional and personal life.
In addition to consulting work for clients, Clara is also a counsellor in the Advisory team. This sees her providing on-going career advice and shaping potential opportunities for her colleagues. "This role is really interesting because it enables me explore different skill sets like mentoring, effective communication and constructive feedback. These experiences then help me to define and refine my own management style and build great foundations for my leadership skills."
"I'm fortunate to work in a team of talented, amazing people in a safe, supportive and professional working environment. My career is progressing every day. I'm proud of what I do and I look forward to going to work every day," exclaims Clara.
Read about further women at EY working in the cybersecurity arena, or explore the range of career options open.
The views expressed in this article are the views of the author, not Ernst & Young. This article provides general information, does not constitute advice and should not be relied on as such. Professional advice should be sought prior to any action being taken in reliance on any of the information. Liability limited by a scheme approved under Professional Standards Legislation.
Find out more