Global Risk & Brand Protection

Technology Risk:  Security Inquiry Response Center, Analyst

This position will serve as an Analyst within the Security Inquiry Response Center under the Global Risk & Brand Protection organization. The Analyst’s role will involve the gathering and pre-population of information to respond to information security and other technology-related inquiries from Deloitte member firm clients and regulators through information security inquiries, questionnaires, assessments, or audits.  This role will be facilitated through a global delivery team model, tasked with the coordination and completion of these security inquiries. 

The team  

The Security Inquiry Response Center team works behind the scenes to protect Deloitte’s brand and reputation. We take this protective role seriously, while simultaneously ensuring Deloitte meets client, legal, and regulatory requirements.

This is an internal firm professional service position that supports firms of the Deloitte organization. Global Risk & Brand Protection (GR&BP) analysts play a critical role in enhancing, preserving and protecting the reputation of the Deloitte organization. Specifically, GR&BP analysts assist in ensuring compliance with firm policies and professional standards in the areas of auditor independence, regulatory compliance, and risk. Functions within GR&BP include Global Independence, Technology, Regulatory, Privacy, Risk and Ethics. The ideal GR&BP candidate must be able to work independently and as part of a team in a dynamic work environment.

Work you’ll do 

Operational responsibilities of this role will include one or more of the following:

• Fulfill member firm and client, regulatory and audit-related information security requests as assigned through the global delivery team.
  • Identifying, gathering, and pre-populating responses to questions using one or more Standard Answer Banks.
  • Identifying the remaining questions that cannot be pre-populated and whether consultation is needed with the Client Security Lead.
  • Responsible for highlighting issues found in the Standard Answer Banks and illustrating where changes are necessary.
  • Standard Answer Bank maintenance.
• Support activities related to information security inquiries, including:
  • Analyzing and evaluating client, regulator and member firm information security requests, assessments, and audits; and
  • Gathering data and refinement activities using the global delivery team.
• Demonstrate and apply project management skills and use current technology and tools to enhance the effectiveness of deliverables and services.
• Support initiatives to educate technology functions on technology risk management requirements according to regulatory requirements, internal policy and standards, data classification, client commitments, etc.
• Demonstrate and apply a basic understanding of technology trends to identify issues and communicate this information to the management team through written correspondence and verbal presentations.
• Perform other job-related duties as assigned by the Manager or others within the Security Inquiry Response Center team.

Qualifications

Education

• ·       Bachelor’s degree or higher in a technology-related field or a relevant IT security certification (if non-technical degree) or an equivalent experience, i.e. vendor or procurement audits, control reviews, etc.

Work experience

·       One (1) to three (3) years demonstrated experience in applying leading practices in Information Security, Technology Risk or Operational Risk environment, or risk and governance function.

Required Skills/abilities

·       Proficient English skills in verbal, reading and writing, and the ability to understand nuances.

·       Entry-level knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management

·       Basic working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.)

·       Knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.

·       Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).

·       Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.

·       Effective relationship-building, communication, presentation, and interpersonal skills.

·       Highly disciplined, with strong organizational abilities.

·       Ability to multi-task, prioritize work and work independently.

·       Possess exceptional level of integrity and customer focus.

·       CISA, CIA, CISM, CISSSP, CGEIT, ISO 27001/2 or similar certifications preferred but equivalent knowledge will be considered.

Work Location: Hyderabad

Shift: 11:00 AM – 8:00 PM

How you’ll grow

At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities— including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in exactly the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.  

Deloitte’s culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives.  Learn more about Life at Deloitte.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities.  We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.  Learn more about Deloitte’s impact on the world.

#CA-VS

#EAG-R&BP