Senior Analyst – GRC - Deloitte Support Services India Private Limited
We are seeking a dedicated and experienced Senior Analyst to join our Cyber Governance, Risk, and Compliance (GRC) team. The successful candidate will play a pivotal role in managing cybersecurity risks, conducting control testing, and enhancing our overall cybersecurity posture, with a focus on incident response, risk management, and third-party risk management.
Work you’ll do
As a part of this team, you will:
Key Responsibilities:
Cyber Risk Management & Governance:
· Support the maintenance of the organisation's cybersecurity risk management processes and governance structure.
· Perform risk assessments to identify, evaluate, and mitigate risks across development, platforms, and infrastructure.
· Maintain and update the Cyber Risk Register with the latest status from risk owners until risks are completely closed.
Control Testing:
· Conduct regular security control testing to assess the effectiveness of cybersecurity controls and ensure compliance with internal and external standards such as CIS Controls, ISO 27001:2022, ASD Essential 8, and NIST Cybersecurity Framework (CSF) 2.0.
· Identify control gaps and recommend remediation strategies.
· Conduct regular audits and reviews to maintain compliance.
Incident Response Planning & Governance:
· Participate in the development and governance of the incident response plan to ensure effective incident management.
· Conduct post-incident reviews to identify lessons learned and improve future response efforts.
Work Location: Hyderabad
Shift Timings: 06.30 AM to 03.30 PM
Qualifications
· Bachelor’s degree in Information Security, Cybersecurity, or a related field.
· Minimum of 4 years of experience in cybersecurity governance, risk management, and control testing.
· Strong understanding of CIS Controls, ISO 27001:2022, ASD Essential 8, and NIST Cybersecurity Framework (CSF) 2.0.
· Experience in executing control testing methodologies.
· Excellent communication and collaboration skills.
· Relevant certifications such as CISSP, CISM, or CRISC are highly desirable.
Required Skills:
· Knowledge of application security, security architecture, cloud platforms, and security tools (e.g., SAST, DAST, CIS benchmarks).
· Familiarity with standards such as CIS, NIST, OWASP, ISO 27001, and DevSecOps principles.
· Expertise in identifying, evaluating, and mitigating risks across development, platforms, and infrastructure.
· Ability to manage multiple priorities and deadlines in a dynamic environment.
· Strong stakeholder management skills to collaborate with cross-functional teams.
· Excellent verbal and written communication skills to engage with technical and non-technical stakeholders.
Preferred Skills:
· Security Awareness Programs: Experience in developing and delivering comprehensive cybersecurity awareness programs.
· Third-Party Risk Management: Proficiency in managing cybersecurity risks associated with third-party vendors and partners, including conducting due diligence and ongoing monitoring.
How you’ll grow
At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning center in the Hyderabad offices, is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.