Job Title: Risk and Compliance - Manager / Executive Manager
Location: Hyderabad / Bengaluru
Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte’s Technology Cyber Security team. We are curious and life-long learners focused on technology and innovation.
Work you will do
This role supports audits and assessment programs of the Technology Cyber Security Risk & Compliance team which includes risk management, audits, and assessments for on premises as well as cloud hosted IT applications and infrastructure. This position is specifically responsible for helping client audits and manage the day-to-day responsibilities of gathering evidence, scheduling resources, coordinating with business owners and external auditors, and identifying potential audit issues/operational improvements. Role is to also have an understanding of and ability to assess technology and operational risks related to internal and cloud technology solutions and at times, provide input to technology personnel on appropriate controls to address audit risks. The position will also work with external and internal auditors, serving as liaison between Deloitte Technology and enabling area auditees, gathering and presenting evidence as required.
Key Tasks / Essential Job Functions:
· Understand technology controls, testing of controls, and supporting evidence
· Recommend policies, standards, procedures, and controls to assure the confidentiality, integrity, and availability of the information technology environment for on premises as well as cloud hosted IT applications and infrastructure
· Manages audit gaps; identifies those within the organization responsible for remediating or closing audit findings, negotiate dates for closure, and track/report progress
· Represent Information Technology related to internal and external assessments and/or audits of information technology systems and processes, interpret results, and develop and communication recommendations to management.
· Participate in appropriate opportunities for continuing education, seminars, and participation in field-related professional organizations to remain current on developments in information security profession.
· Work with the appropriate Information Security, Office of General Counsel, Risk Management, and engagement leaders to determine scope of onsite visits, audits, and assessments as defined by contracts and regulatory requirements.
· Develop and recommend appropriate information security policies, standards, procedures, checklists, and guidelines using generally recognized security concepts tailored to meet the requirements of the organization for on premises as well as cloud hosted IT applications and infrastructure.
· Identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders.
· Able to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
· Make decisions on day-to-day task assignments to the team
· May lead projects and in some cases, manage staff.
· Other duties as assigned
The Team
Deloitte Technology team helps power Deloitte’s success. Deloitte Technology team is the engine that helps to drive Deloitte, which serves many of the world’s largest organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~3,000 professionals in Deloitte Technology deliver services internally including:
· Cyber security
· Technology support
· Technology & Infrastructure
· Application development and management
· Relationship management group
· Strategy
· Deployment
· PMO
· Financials
Cyber Security
Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.
Areas of Risk & Compliance focus include:
• Client ODCs
• Security Contract Reviews
• Vendor Assessments
• Security Awareness
• Audits & Assessments
Basic Qualifications:
· Bachelor’s degree in computer science, Business Administration, Information Systems, Accounting or equivalent educational or professional experience and/or qualifications.
· Minimum 12 years of directly related experience in the following: managing information technology audits, assessments, remediation management, creating, leading, and managing risk assessment programs.
· Minimum 8 years of experience with various industry standard frameworks such as: SSAE 18 SOC 1 and SOC 2, Shared Assessment Program Agreed Upon Procedures, HIPAA, HITRUST, CSA, CCM.
Preferred Qualifications:
· Industry certification (e.g., CPA, CISA, CISSP, CISM etc.)
· Master’s Degree preferred (e.g., Information Security, Information Protection, Computer Information Systems, Information Systems Management)
· Experience leading IT internal audit, external audits, and or service organization control reporting and activities
· Solid understanding of IT general controls and activities
· Familiarity with privacy laws, data protection/security regulations, and cloud security frameworks
· Possess a general understanding of IT security technologies, including network, application and database security, access management and cloud security, Required Licenses, Certifications, and Other
· Negotiation skills to obtain commitments to remediate risks and vulnerabilities from leadership of other teams
· Consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.) (preferred)
· Excellent communication, listening, and facilitation skills (preferred)
· Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues, and obstacles (preferred)
· Very good understanding and experience with cloud technologies and security controls (preferred)
Location: Hyderabad, Bangalore
Work timings: 2 PM to 11 PM (Flexible)
How you’ll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to help them to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to.