Level: Consultant
Work you'll do
As a Consultant on the Third Party Risk Management team, you will be responsible for supporting ongoing third-party cyber risk assessment delivery for client engagements.
- Perform ongoing third-party cyber risk assessments to identify and evaluate business and technology risks associated with third parties and service providers
- Provide recommendations to help clients manage cyber risks arising from third-party relationships
- Assist in the selection and tailoring of third-party cyber risk management approaches, methods, and tools to support assessment delivery
- Prepare periodic status updates, including potential risks and delays, for project managers and clients
- Support engagement delivery by documenting findings and contributing to project execution against client requirements and timelines
The team
The Cyber Operate: Third Party Risk Management (TPRM) capability is part of the wider Cyber Operate Practice. The TPRM team is focused on helping our clients identify and manage the cyber risks arising from their association with third parties or service providers. We help our clients define their overall third-party cyber risk strategy and design and implement enterprise-wide programs and technology that focus on identifying and reducing risks. We also help them evaluate their objectives, priorities, strengths and weaknesses, and roll out large-scale organizational changes to achieve their goals.
Location: Bengaluru / Hyderabad / Pune
Shift Timings: Rotational Shift, including IST 9:00 PM to IST 6:00 AM
Qualifications
Required:
- 3-5 years of experience in information security
- Experience applying information security and risk frameworks or standards, including ISO 27001/2, National Institute of Standards and Technology 800 series, or Payment Card Industry Data Security Standard
- Experience performing cyber risk, compliance risk, or regulatory risk assessments
- Experience in one or more cyber risk domains, including security governance and management, application security controls, access controls, network security operations, security architectures, identity management, disaster recovery and business continuity, incident response, privacy and data protection, or encryption
- Experience with internal controls, risk assessments, business process reviews, internal information technology control testing, or operational auditing
- Experience preparing project status updates, including risks and delays, for project managers or clients
- Bachelor’s or Master’s degree in information technology or a related field
Preferred:
- Certification such as Certified Information Systems Security Professional or Certified Information Systems Auditor
- Experience with legal and regulatory requirements related to information security and data privacy, including Office of the Comptroller of the Currency Bulletin 2013-29, Federal Financial Institutions Examination Council guidance, or Health Insurance Portability and Accountability Act requirements
- Experience in a consulting environment
- Experience supporting third-party cyber risk management programs or assessments