Job title: Third Party Cyber Risk Services-Senior Consultant
About
At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security.
By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas.
Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions.
The Team
| Cyber & Strategic Risk We help organizations create a cyber-minded culture, reimagine risk to uncover strategic opportunities, and become faster, more innovative, and more resilient in the face of ever-changing threats. We provide intelligence and acuity that dynamically reframes risk, transcending a manual, reactive paradigm.
|
|
Third Party Risk Management (TPRM) capability is part of the wider Cyber & Strategic Risk portfolio within Deloitte Risk and Financial Advisory. The TPRM team is focused on helping our clients identify and manage the cyber risks arising from their association with third parties or service providers. We help our clients to define their overall third-party cyber risk strategy, design and implement enterprise-wide programs and technology that focus on identifying and reducing risks; help them evaluate their priorities, strengths and weaknesses and roll out large scale organizational changes to achieve goals.
Work you’ll do
As a professional working for Third Party Risk Management (TPRM) team, you’ll build and nurture positive working relationships with clients with the intention to exceed client expectations. You’ll:
- Assist in the selection and tailoring of third party cyber risk management approaches, methods and tools to support delivery of third party cyber risk assessment services
- Assist clients in developing their third party risk management programs, such as risk tiering methodology, risk assessment process flows, risk assessment questionnaires, and reports
- Perform third party risk assessments to help clients identify and evaluate complex business and technology risks related to third parties, and provide recommendations for managing those risks
- Participate in project management activities such as leading status calls, risk and issue management, escalations, invoicing, etc.
- Provide periodic updates about status of work assigned to the project manager
- Mentor new assessors on tools and methodology to conduct cyber risk reviews and demonstrate good understanding of client specific cyber security policy and procedures
- Update project manager on potential risks and delays to the project delivery
- Generate innovative ideas and challenge the status quo
- Facilitate use of Deloitte tools and methodologies to review, design and/or implement third party cyber risk services
- Identify opportunities to improve operational excellence
- Support project managers in sales pursuits and proposals and assist in building practice eminence
- Participate in and actively support mentoring relationships within practice
- Assist in the selection and tailoring of third party cyber risk management approaches, methods and tools to support delivery of third party cyber risk assessment services
- Assist clients in designing and developing their third party risk management programs, such as risk tiering methodology, risk assessment process flows, risk assessment questionnaires, and reports
- Perform third party risk assessments to help clients identify and evaluate complex business and technology risks related to third parties, and provide recommendations for managing those risks
- Participate in project management activities such as leading status calls, risk and issue management, escalations, invoicing, etc.
- Provide periodic updates about status of work assigned to the project manager
- Mentor new assessors on tools and methodology to conduct cyber risk reviews and demonstrate good understanding of client specific cyber security policy and procedures
- Update project manager on potential risks and delays to the project delivery
- Generate innovative ideas and challenge the status quo
- Facilitate use of Deloitte tools and methodologies to review, design and/or implement third party cyber risk services
- Identify opportunities to improve operational excellence
- Support project managers in sales pursuits and proposals and assist in building practice eminence
- Participate in and effectively support mentoring relationships within practice
Required skills
- 5 - 8 years of information security experience
- Excellent verbal and written communication
- Excellent understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.)
- Excellent knowledge of key risk areas such as cyber risk, compliance risk and regulatory risk
- Exceptional knowledge and deep expertise in multiple areas of cyber security and how it impacts the overall business and IT objectives and priorities. Some areas include (not limited to):
o Cyber risk strategy
o Cyber risk program management and delivery
o Cyber security operations
o Security architecture
o Data protection
o Application security/SDLC
o Third party risk management
o Cloud security
o Cyber Threat Intelligence
o Security Operations Center
o Incident Response
o Cyber Resilience
- Understanding and knowledge of industry standards and industry frameworks (e.g., COBIT, COSO, ISO 27001, PCI, NIST)
- Demonstrate a general knowledge of market trends, competitor activities, Deloitte & Touche products and service lines
- Should be a good team player with excellent networking skills
- Excellent inter-personal skills
- Willingness to work in shifts
Preferred skills
- CISSP / CISA (or equivalent)
- Good understanding of legal and regulatory requirements around information security and data privacy such as OCC Bulletin 29, FFIEC, HIPAA Security/Privacy, etc.
- 1+ years of project management experience on mid to complex projects required
- Prior consulting experience
- Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
Qualification
- Bachelor’s/Master’s degree in information technology or related field