Job Title: Assistant Manager – Risk and Compliance
Location: Hyderabad / Bengaluru / Pune / Chennai / Mumbai
Do you have the drive to engage in cyber security risk & compliance to protect organizations from potential security exposures or threats? If your answer is yes, we have the right opportunity for you!
Work you’ll do
This role would be part of Cyber Security team and would actively engage in
implementing our vendor information security risk management program for achieving firm’s GRC objectives. As part of this team, you will be assisting in reviewing and assessing vendor’s information security program, processes and controls to identify weaknesses in their information system and discover potential threats to Deloitte and its assets. You would be reporting assessment results to necessary stakeholders, following up on remediation plan, ensuring timely remediation and providing appropriate recommendations to the vendor for ensuring adequate protection of Deloitte information assets. You would collaborate and coordinate with various key stakeholders, both onshore and offshore, such as vendors, internal business clients, internal teams, SMEs and Cyber Security management.
- Monitoring external policy compliance, specifically on Deloitte vendors
- Responsible for reviewing and assessing vendor security controls to protect Deloitte facilities, systems (assets and networks) and data
- Responsible for ensuring vendors working within the framework of Deloitte security policies that is being clearly laid out for them
- Maintaining regular communications with vendor risk management team on progress status
- up with vendors and business teams to ensure timely remediation of assessment findings
- Driving security awareness program across the organization and promoting cyber security firm initiatives
Educational Qualification:
- Bachelor’s degree in computer science, Business Administration or equivalent educational or professional experience and/or qualifications
- 6-9 years of relevant experience
- Experience with information technology security programs, audits, controls, assessments, risk assessments, or remediation management
- Demonstrated proficiency in Security and Compliance, including information security and technology regulatory requirements (SOC 2, ISO27001, NIST800-53, PCAOB, CSA, etc.)
- Experience with Governance, Risk & Compliance tools
- Strong communication, report writing and presentation skills
- Ability to work independently and cross-functionally
- Excellent time management and related organizational skills including appropriate sense of urgency and a proactive approach
- Industry certifications (e.g., CISA, CISM, CISSP, CCSP and/or other equivalent licenses/certifications)
Work Experience
- Good knowledge of information security principles, policies, processes and practices.
- Good knowledge about security controls for cloud services.
- Good to have information security program implementation and/or audit experience.
- Good to have certifications such as ISO 27001, ISO 27002, ISO 22301, CEH, CISA
Required Skills
Should be a team player and should be comfortable working in teams.
Strong interpersonal and communications skills with the ability to communicate effectively at all levels.
The Team
Deloitte Technology team helps power Deloitte’s success. Deloitte Technology team is the engine that helps to drive Deloitte, which serves many of the world’s largest organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~3,000 professionals in Deloitte Technology deliver services internally including:
· Cyber security
· Technology support
· Technology & Infrastructure
· Application development and management
· Relationship management group
· Strategy
· Deployment
· PMO
· Financials
Cyber Security
Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.
Areas of Risk & Compliance focus include:
• Client ODCs
• Security Contract Reviews
• Vendor Assessments
• Security Awareness
• Audits & Assessments
How you’ll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to help them to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to.