Position Summary

Cybersecurity GRC Analyst AM/DM (T1), Deloitte Support Services Private Limited.

Organisation Summary

At Deloitte, we’re all about collaboration. And nowhere is this more apparent than among our 2,000-strong internal services team. With our combined specialist skills, we provide all the essential support and advice our client-facing colleagues need, right across the firm. This enables them to focus all their efforts on delivering the best service possible to their clients. Covering seven distinct areas (Human Resources, Clients & Industries, Finance & Legal, Practice Support Services, Quality & Risk Services, IT Services, and Workplace Services & Real Estate), together we live, breathe and deliver the Deloitte experience.

Team Summary

Work in the innovative and creative CISO Team, a world-class operation renowned for its extensive expertise and experience. Collaborate with both business and technical teams to drive change and exert influence across the entire Deloitte landscape. Use your skills to effect real-world impact. As a Cybersecurity GRC Analyst, you will be responsible for monitoring, managing, supporting and closing compliance issues while also supporting the team with GRC deliverables such as risk assessments, policy and standard oversight and support, metrics and reporting, audit support, etc.

  Location: Hyderabad

  Work shift Timings: 02:00 PM to 11:00 PM

Role Requirements

·       Demonstrable knowledge of good security practices ensuring adherence to security concepts of confidentiality, integrity, and availability.

·       Knowledge of industry standards such as ISO27001/02, GDPR, Cyber Essentials, NIST, COBIT frameworks.

·       Demonstrable experience in an information security or risk management role that includes tasks such as carrying out risk assessments, risk assurance activities, documentation and updating of policies, impact assessments, asset identification etc.

·       Strong reporting and writing skills

·       Basic understanding of Project Management principles

·       Strong knowledge and understanding of security metrics and reporting requirements, and developing key performance and key risk indicators

·       Strong knowledge and understanding of security policy frameworks and control implementation.

·       Strong knowledge of risk management methodologies and risk analysis.

·       Strong ability to develop and maintain security processes and procedures.

·       Strong knowledge of GRC tools and platforms such as Archer and the ServiceNow GRC tool.

·       Can think methodically and logically and have well-honed communication skills

·       Have some knowledge of OWASP top ten vulnerabilities, tools and methodologies.

·       Clearly demonstrate how changes in a process will bring about improvements

·       Represents team in meetings with internal/external customer base

·       Be a self-starter with the ability to solve problems, identifying issues and solution options with minimal oversight and handholding

·       Have excellent persuasion, influencing & interpersonal skills

·       Build and maintain effective relationships with internal and external stakeholders, representing the organization with professionalism.

·       Drive accountability and recognize outstanding achievements within the Team.

Role & Responsibilities

·       Work across the Cybersecurity function and collaborate with other risk and control functions to support deployment of our security strategy.

·       Analyze management and technical security controls to ensure that mandated security and compliance requirements are met through the verification of documented processes, procedures and standards.

·       Facilitate the identification and assessment of risks, conduct risk reviews across NSE/UK Deloitte, and log and monitor them in the risk register.

·       Assist in the development of risk response/mitigation plans and track implementation within agreed upon timelines.

·       Collaborate with senior leadership to develop and execute business strategies that drive organizational growth and operational excellence.

·       Working and collaborating with the wider UK/NSE Cybersecurity team, UK/NSE Deloitte Business Security, UK IT Services, North South Europe (NSE), and Global Cybersecurity and Risk teams.

·       Reporting on the state of cybersecurity risk and control issue management to the appropriate leadership teams and stakeholders within the UK, NSE and Global firms.

·       Maintain the Deloitte Cybersecurity GRC Control Issues and Opportunities Log as well as any other related or relevant tool for the UK Deloitte CS GRC function.

·       Monitor key security controls, identifying reportable key performance and key risk indicators, to track compliance with mandated policies and standards and report on security risk exposures.

·       Maintain security control frameworks used to support security assurance activities such as SSDLC etc.

·       Ensure alignment with the firm’s cyber strategy framework.

·       Champion a positive and inclusive workplace culture that encourages collaboration and continuous improvement.

·       Liaise with Global security teams to keep abreast of new initiatives and changes to policies and standards.

·       Assist with internal and external audit requests for the purposes of reporting on the status of key risks.

·       Manage policy exception requests and liaise with teams to complete supporting risk assessments.

·       Produce management reporting, including metric dashboards summarizing KPIs and KRIs, for submission to the firm’s security governance and risk committees.

·       Lead, mentor, and develop team members to foster professional growth and high performance within their area.

·       Liaise with the firm’s risk and compliance teams to ensure security reporting is aligned and consistent.

·       Establish and maintain the quality management system to oversee the creation, publication and storage of all security processes and supporting documentation repositories.

·       Liaising with risk functions across the information security team and 2nd line functions to support risk governance activities, process improvement initiatives and fulfill internal and external reporting obligations.

·       Working across the CISO function and other risk and control functions to support deployment of our security strategy.

·       Explain risk management approaches in a manner understood by a non-technical or non-SME audience.

·       Proactively identify, assess, and manage inherent & residual risks in our system and promote a risk-mitigating culture.

·       Communicate complex issues and business updates clearly to diverse audiences, ensuring alignment and transparency

Qualifications

Essential

·       Any full time Graduation in Computer Science/ Information Security/ any Engineering stream/ others

·       Demonstrable understanding of the cybersecurity risk and controls inherent in various technologies and related security best practices

·       Demonstrable ability to identify risks associated with business processes, operations, cybersecurity programs and technology projects

·       Have a knowledge and understanding of various Cybersecurity / Information Assurance Frameworks, such as NIST CSF.

·       Have a clear knowledge of security standards, methodologies, or frameworks such as ISO27001 or COBIT

·       Demonstrable ability to work in a fast-paced, deadline driven environment.

·       Excellent verbal and written communication skills with the ability to effectively articulate complex technical terms to both technical and non-technical audiences

·       Demonstrated excellence in a variety of competencies including teamwork, collaboration, analytical thinking, communication and influencing skills, and technical expertise.

Desirable

·       7+ years of experience with good understanding of GRC work with demonstrable knowledge and understanding of risk and controls and ability to communicate to all audiences.

·       Experience in the development of the approach to information risk management and assurance

·       Expert in the concept of strategic risk treatment, including risk avoidance or termination; risk reduction or modification; risk transference or sharing; risk acceptance or tolerance and retention.

·       Industry accreditation like Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC)

·       Experience in developing and delivering a cybersecurity risk management framework and methodology within an organisation.

·       Demonstrable understanding and experience in delivering service management techniques and tooling in line with ITILv4.


Our purpose

Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.

Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.

Professional development

At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India.

Benefits to help you thrive

At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/or other criteria. Learn more about what working at Deloitte can mean for you.

Recruiting tips

From developing a standout resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code: 319923