Associate Vice President - Audits & Assessment and Client Inquiry - Cyber Risk & Compliance
Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte’s Technology Cyber Security team. We are curious and life-long learners focused on technology and innovation.
Work you’ll do
The Risk & Compliance AVP provides strategy and tactical guidance and solutions to Risk & Compliance areas, with a specific focus on various SOC1 and SOC2 audit, along with leading USI Client Inquiry teams. This position is specifically responsible for driving SOC 1 and SOC 2 audits and manage the day-to-day responsibilities of scheduling resources, coordinating with business owners and external auditors, and identifying potential audit issues/operational improvements. Role is to also have an understanding of and ability to assess technology and operational risks related to internal and cloud technology solutions and at times, provide input to Deloitte Technology personnel on appropriate controls to address audit risks. This role will also interact with executives within Deloitte as well as functional leaders, legal, risk and regulatory leaders, Business Information Security Officers, external and internal auditors, regulators, clients and prospective clients.
In this role, you will:
- Understand technology controls that impact on premises and cloud technology, operational risk to the Information Technology Services organization as well as related laws, regulations, and industry standards, specifically related to internal and cloud technology solutions.
- Recommend policies, standards, procedures, and controls to assure the confidentiality, integrity, and availability of the information technology environment for on premises as well as cloud hosted IT applications and infrastructure
- Manages audit gaps; identifies those within the organization responsible for remediating or closing audit findings, negotiate dates for closure, and track/report progress
- Represent Information Technology related to internal and external assessments and/or audits of information technology systems and processes, interpret results, and develop and communication recommendations to management
- Partner with the appropriate leadership within Cyber Security, Office of General Counsel, Risk Management, and engagement leaders including senior partners and to determine various strategies and tactics for programs as defined by contracts and regulatory requirements/restrictions/considerations
- Provides strategic directions on appropriate information security policies, standards, procedures, checklists, and guidelines using generally recognized security concepts tailored to meet requirements
- Make decisions on day-to-day task assignments to the team
The Team
Deloitte Technology helps power Deloitte’s success. Deloitte Technology team drives Deloitte, which serves many of the world’s largest, most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence
The ~3,000 professionals in Deloitte Technology deliver services including:
- Cyber Security
- Technology Support
- Technology & Infrastructure
- Applications
- Relationship Management
- Strategy & Communications
- Project Management
- Financials
Cyber Security
Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.
Areas of Risk & Compliance focus include:
- Client ODCs
- Security Contract Reviews
- Vendor Assessments
- Security Awareness
- Audits & Assessments
Required Skills & Qualifications
Our ideal candidate is an integrator of people and processes, a thought leader, a problem solver, and subject matter expert on cybersecurity.
Basic Qualifications:
- Bachelor’s degree in information security, Computer Science, or Information Systems.
- Minimum 15 years of related experience, including cybersecurity and/or risk management experience in organizations of a similar scale or client-service experience in the field.
- Minimum 8 years leadership/management experience
Preferred:
- Master’s degree in information security, Computer Science, or Information Systems with a focus in Cyber Security or related field.
- Demonstrated understanding of Deloitte’s Cyber Security Risk & Compliance Vendor assessments and Security Contracts
- C-level and executive interaction experience; demonstrated experience driving strategy and initiatives with cross-functional executive level stakeholders.
- Ability to frame and communicate security and risk-related concepts to technical and nontechnical audiences at various levels.
- Understanding of and ability to effectively apply trends and developments in the area of global security and risk management.
- Demonstrated ability to drive organizational change and work with multiple business units of an organization to effect change.
- Exceptional verbal and written communication skills. Must be able to interact effectively with professionals at all levels and communicate recommendations with diplomacy and tact.
- Strong understanding of Deloitte Touche Tohmatsu Limited operating environment OR successful experience working in a comparable global professional services organization.
- Professional security certifications such as CISSP, CCISO, GIAC, or CISA.
Hiring Location: Hyderabad
Shift Timing: 11 Am to 8 PM
Recruiting tips
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture
Our purpose
Professional development