Join our innovative, creative, and inclusive Cyber team - a world-class operation with extensive knowledge, experience and opportunities for professional growth. You will collaborate with business and technical teams to bring about change and influence across the entire world of Deloitte. Apply your skills to make things happen and be a part of a great team that is passionate about serving a great purpose.
The Cyber Exposure Management (CEM) function sits within the wider Deloitte UK Cybersecurity organization. The CEM team serves as a central team providing an ongoing picture of the entire exposure landscape, offering deep risk context and a holistic and continuous view covering external, internal, cloud, and identity assets.
This role within Cyber Exposure Management, will play a pivotal role in the CEM team. This role is central to bridging the gap between security tooling outputs, asset owners, and leadership, by driving the continuous identification, assessment, and prioritisation of cyber exposures.
The successful candidate will be instrumental in supporting CEM processes, providing expert analysis, and fostering effective communication to ensure the organisation's cyber risk posture is understood and proactively managed. This role focuses on analysis, coordination, and reporting.
Work you'll do
As a Deputy Manager, Cyber Engineering on the Cyber Exposure Management team, you will be responsible for:
- Act as a deputy to the CEM Team Manager by supporting daily operations, strategic planning, and continuity of team activities
- Analyze cyber exposure data from vulnerability, configuration, cloud security, and other security tooling outputs to identify and prioritize risk
- Translate technical findings into risk-prioritized insights, coordinate remediation timelines with asset owners, and validate exposure reduction after fixes are implemented
- Support the development, refinement, and implementation of CEM processes, reporting, dashboards, and metrics aligned to organizational objectives
- Facilitate communication across the CEM team, tooling teams, asset owners, and leadership while providing guidance and mentorship to junior team members
The team
At Deloitte, we’re all about collaboration. And nowhere is this more apparent than among our 2,000-strong internal services team. With our combined specialist skills, we provide all the essential support and advice our client-facing colleagues need, right across the firm. This enables them to focus all their efforts on delivering the best service possible to their clients. Covering seven distinct areas; Human Resources, Clients & Industries, Finance & Legal, Practice Support Services, Quality & Risk Services, IT Services, and Workplace Services & Real Estate, together we live, breathe and deliver the Deloitte experience.
The Cyber Exposure Management (CEM) function sits within the wider Deloitte UK Cybersecurity organization. The CEM team serves as a central team providing an ongoing picture of the entire exposure landscape, offering deep risk context and a holistic and continuous view covering external, internal, cloud, and identity assets.
Location: Hyderabad
Shift Timings: 11 AM to 8 PM
Qualifications
Required:
- 5-10 years of experience in information security or cybersecurity focused on cyber exposure management, attack surface management, cyber risk, or threat intelligence
- 2+ years of experience in staff management, mentoring, and coaching
- Experience using Qualys, Prisma, CyCognito, and ServiceNow
- Experience using Microsoft Office Suite
- Knowledge of Key Risk Indicators (KRIs), Common Vulnerabilities and Exposures (CVEs), and Common Vulnerability Scoring System (CVSS)
- Knowledge of confidentiality, integrity, and availability principles
- Knowledge of cybersecurity frameworks including ISO 27000, Open Worldwide Application Security Project (OWASP), and National Institute of Standards and Technology (NIST)
Preferred:
- Experience with data analytics, root cause analysis, and security testing
- Experience preparing reports and dashboards on cyber exposure metrics
- Experience coordinating remediation activities with asset owners and leadership stakeholders
- Certifications such as ITIL, COBIT, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA CySA+, or GIAC Security Essentials Certification (GSEC)