Preferred Level
4
Business Unit
GCISO-Shared Security Services
Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on nextgeneration,
cutting-edge products and services that deliver outstanding value and that are global in vision and
scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional
career experience with an inclusive and collaborative culture?
Want to make an impact that matters? Consider Deloitte Global.
The Deloitte Global Cybersecurity function is responsible for the firm’s overall objectives of enhancing data
protection, standardizing and securing critical infrastructure and gaining cyber visibility through security
operations centers. We are seeking a Vendor Risk Assessment Analyst to join the team. The VRA Analyst will
participate in and lead assessments of vendor risk, develop mitigation plans and partner with internal
stakeholders to manage responsibility. In this role you will also ensure strong oversight of all vendors’ risks and
provide member firms and business partners visibility of existing and emerging risks.
As part of the Global Cyber Risk team, the VRA Analyst must:
Prepare and complete risk assessments and assist with policy, regulatory and accreditation audit
preparation
Help lead and support continuous improvement, implementation and deployment of a common and
consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with
internal policy and Federal/ State Regulatory requirements
Facilitate workflow and record keeping within the VRA platform (ServiceNow)
Help develop, maintain, and document workflow processes to ensure data & system controls are adequate,
meet internal baselines and optimize current processes to meet emerging risks
Provide guidance to the business, procurement and other stakeholders to ensure requirements of VRM are
fully understood
Support development and execution of a robust communication and training plan to facilitate the effective
application and awareness of VRM
Monitor risk findings, remediate resolution including development and execution of corrective action plans,
and ensure follow-on reporting and monitoring
Contribute to development of terms and security specific contract language and security clauses related to
risk mitigation
Perform data analytics & reporting activities. Provide & maintain vendor risk reporting mechanisms, and
track and report outcomes from vendor management activities.
Stay informed about the latest developments in the vendor risk management field
Improve awareness of operational risks faced by Business from vendor failure/poor performance and work
with Strategic Sourcing/Legal/Business to mitigate any losses through vendor compensation achieved
through establishment of robust contracts
Position summary
Work you'll do
What you'll be part of - our Deloitte Global Culture:
At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role
in delivering those results. We reach across disciplines and borders to serve our global organization. We are the
engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our
network.
In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to
create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a
supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic
impact, innovate, and take the risks necessary to make your mark.
Who you'll work with:
Deloitte Technology works at the forefront of technology development and processes to support and protect
Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to
help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously
conceived.
Required
At least 3 years of Information Security, Risk Assessment or IT audit experience
Working familiarity with Vendor Risk Assessments and production of Risk Analysis Reports
Experience in management of vulnerability and/or risk remediation
Specific knowledge of and experience with applicable concepts and methodologies such as continuous
quality improvement and auditing experience
Deep familiarity with risk assessments and threat models
Strong familiarity with ISO27000 standards and ISO27002 controls standards
Experience with Archer, ServiceNow or another industry standard enterprise Vendor Risk Assessment
solution
Strong knowledge and working understanding of information security legal and regulatory requirements,
such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and
Payment Card Industry/Data Security Standard
Strong working familiarity with common information security management frameworks, such as ISO/IEC
27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework
Working familiarity with the NIST 800-30 standard for Risk Assessment
Education
Bachelor’s degree: preferably in an information technology-related field of study, or equivalent years of
experience required
Preferred:
At least 5 years of Information Security, Risk Assessment or IT audit experience
Experience working in Cyber Risk, Business Risk Management, Operational Risk, Internal Audit, and/or
Controls related function
Familiarity with application, server, and network security
Professional IT or Security Management certification
One or more of CISA or CRMA, CISSP, CCSP, CISM, GIAC certifications
Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership
opportunities at every step of your career, and helping you identify and hone your unique strengths. We
encourage you to grow by providing formal and informal development programs, coaching and mentoring, and
on-the-job challenges. We want you to ask questions, take chances, and explore the possible.
Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do
— that’s why we take pride in offering a comprehensive variety of programs and resources to support your
health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain
your efforts in making an impact that matters.
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to
relationships with our clients, our people, and our communities. We believe that business has the power to
inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive
positive social impact in our communities.
Qualifications:
How you'll grow:
Benefits you'll receive
Corporate citizenship
Recruiting tips
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture
Our purpose
Professional development