CyberSecurity Assurance Specialist (T1) – CISO - Deloitte Support Services India Private Limited
Organisation Summary
At Deloitte, we’re all about collaboration. And nowhere is this more apparent than among our 2,000-strong internal services team. With our combined specialist skills, we provide all the essential support and advice our client-facing colleagues need, right across the firm. This enables them to focus all their efforts on delivering the best service possible to their clients. Covering seven distinct areas: Human Resources, Clients & Industries, Finance & Legal, Practice Support Services, Quality & Risk Services, IT Services, and Workplace Services & Real Estate, together we live, breathe and deliver the Deloitte experience.
Team Summary
The CISO team is a world-class operation with extensive knowledge and experience, where you interface with business and technical teams and bring about change and influence across the whole world of Deloitte. As a CyberSecurity Specialist (Assurance) you will support Business Lines/Project teams through the globally mandated Secure Service Development Lifecycle (SSDLC) when introducing new services and systems, or changes to existing services and systems, whilst also providing relevant information security control requirements.
Location: Hyderabad
Work shift timings: 02:00 PM to 11:00 PM
Role Requirements
• Strong working knowledge of the Secure Service Development Lifecycle (SSDLC) and how to apply it across new implementations and change initiatives.
• Experience across information security governance, risk, and compliance (GRC), including conducting risk assessments, performing risk assurance activities, and producing clear, audit-ready documentation.
• Familiarity with key standards and regulatory requirements, such as ISO/IEC 27001/27002, GDPR, and Cyber Essentials (or equivalent control frameworks).
• Ability to manage penetration testing and vulnerability management processes end-to-end, including triage, remediation planning, retesting, and closure tracking.
• Foundational understanding of cloud security and governance, including logging/monitoring, encryption concepts, key management basics, and policy/guardrails.
• Knowledge of the OWASP Top 10, including common vulnerabilities, testing approaches, and supporting tools/methodologies.
• Understanding of core cloud concepts, including the shared responsibility model, regions/availability zones, elasticity, and service models (IaaS/PaaS/SaaS).
• Demonstrated grasp of security fundamentals and best practices supporting confidentiality, integrity, and availability (CIA).
• Fair understanding of project management principles (planning, dependency management, risk/issue tracking, and stakeholder coordination).
• Excellent communication skills across technical and non-technical audiences, with strong critical thinking and analytical capability.
• Self-starter with strong problem-solving skills, able to identify issues and propose viable solution options with minimal oversight.
• Proven ability to multitask and deliver in an agile, fast-paced environment.
• Able to clearly explain how proposed control or process changes will deliver measurable improvements.
Roles and Responsibilities
• Partner with business lines and project teams to ensure globally mandated SSDLC requirements are embedded for new services/systems and material changes, and translate these into clear, actionable security control expectations.
• Elicit, document, and baseline security NFRs (e.g., access control, logging, encryption, resiliency, vulnerability management), and validate fulfillment prior to operational/BAU (business-as-usual) handover.
• Liaise with the Information Security testing function to plan, track, and evidence completion of code reviews, application security scanning, and infrastructure vulnerability scanning as part of the cybersecurity assurance lifecycle.
• Provide security assurance input to service management teams during incident response and change execution, including risk assessment, control impacts, and remediation/compensating control recommendations.
• Represent cybersecurity assurance in CAB forums by reviewing change requests, challenging risk/impact assessments, advising on required security validations, and managing assurance activities across concurrent change initiatives.
• Evaluate the design and operating effectiveness of information security controls and IT general controls (ITGC), document findings, agree management actions, and track remediation to closure.
• Review end-to-end BAU processes to identify inefficiencies, control gaps, and failure points; assess design adequacy and operational effectiveness; recommend pragmatic improvements that reduce risk and improve performance.
• Provide ad hoc support to USI councils (e.g., Continuous Service Improvement, Learning & Development, Process Risk Assessment, Business Impact Analysis) by supplying assurance perspectives, data-driven insights, and actionable recommendations.
Tools and Technologies
• Service Now
• MS Office (Word, PowerPoint, Visio, Excel)
• RSA Archer
• Snyk, Fortify and Qualys
Qualifications
• Any full-time graduate degree in Computer Science, Information Security, or any Engineering stream.
• Up to 6 years of relevant experience in Cyber Security, IT risk, technology audit, or security controls/compliance.
Technical Certifications
• Cloud certifications (AZ-900, AWS CCP/SSA, Google ACE)
• ISO 27001 / ISO 31000 or equivalent
• Good to have: CISA, CISM, AZ-500, CCSP, or equivalent.