As an Analyst, Audit & Certification (A&C), you will be responsible for supporting the maintenance of Deloitte Technology (DT) industry-standard framework assessments and certifications. You will collaborate with Global and member firm IT groups to demonstrate effective operation of DT controls, via DT IT certifications for operations, security, infrastructure, shared services and applications.
The role requires a good understanding of information security processes, standards and audit frameworks (e.g., ISO, cloud security, SOC 2, risk management).
Key responsibilities include:
- Coordinate internal and external audits and assessments, including but not limited to ISO 27001, 27017, 22301 and SOC 2, with internal DT stakeholders.
- Administer and continually improve the DT ISMS (Information Security Management System) and related processes, e.g., IT risk assessment, metrics reports, awareness and compliance with DT policies and standards
- Support leadership meetings, including Management Review, ISMS Security Forum
- Interface with Cybersecurity, Global Technology Infrastructure (GTI), Portfolio & Solutions (P&S), Global Risk, Internal Audit, and global and member firm risk leaders to support the manager and A&C team in achieving compliance with the DT ISMS
- Work with the second line of defense to understand root causes, process deficiencies and control failures behind non-conformities, and bring them to closure using the continual improvement process
- Contribute to maintaining processes, procedures and operational documentation
- Support continual improvement initiatives to align technology risk posture to Deloitte’s risk appetite
- Effective relationship-building, communication, presentation, and interpersonal skills; prepare leadership communication materials, facilitate, document, follow up on open items from meetings and audits
- Ability to identify and deliver improvement opportunities
- Report breaches in information security or policies
- Leverage available technical resources/tools to research; expand IT risk knowledge to enhance work product, remain up to date on member firm and business hot topics while sharing IT risk knowledge where applicable
- Support the creation of metrics and other A&C reports
- Strong collaboration skills, effectively self-manage and execute multiple activities with minimal customer disruption and within agreed-upon requirements
Required Education, Qualifications, and Experience:
- Bachelor's degree or equivalent 5+ years of information security management system audits and compliance certification and/or infrastructure operations experience.
- Preferably prior experience in a large global enterprise environment
- Hands-on experience facilitating and coordinating activities for internal and/or external audits
- Ability to manage oneself in complex situations that require judgment and discretion
- Ability to work with limited or no supervision.
- Ability to form long-term, strategic relationships and cultivate a network across Deloitte
- Ability to perform high level data analysis.
- Ability to critically analyze results to detect trends, errors, anomalies or conflicts. Relate analysis to business strategy and process
- Good understanding of audit frameworks & technical standards
- Knowledge of significant global security and privacy laws and regulations (e.g., GDPR)
- Excellent verbal and written communication skills
- Effectively prepare presentation and business material; and succinctly document internal processes
Preferred:
- Certification in at least one of the following: ISO 27001 Lead Auditor/Implementer, CISA, CRISC, PMP
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.