Cyber
Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful insights to help our clients navigate the ever-changing threat design and technology as we partner with clients to transform finance.
Cyber Strategy & Transformation
Cyber Strategy & Transformation teams develop and transform cyber programs in line with a client's strategic objectives, regulatory requirements, and risk appetite. They keep the enterprise a step ahead of the evolving threat landscape and give stakeholders confidence in the organization's cyber posture. Services include the design of cyber organization, governance, and risk assessments. Services also encompass Cybersecurity Assessments and Frameworks, Cyber Transformation Management, Technology Software and Asset Compliance Management, Third Party Risk Management, Cyber Risk and Compliance, Solution Design and Implementation, and Cyber Risk Analytics and Quantification Reporting.
· Targeted Risk Reviews
- Lead and support risk assessments of new and existing technology initiatives, products, and services.
- Conduct deep-dive risk reviews of IT and Cyber domains such as Identity & Access Management, Network Security, Incident Management, Data Protection etc.
- Advise business and IT stakeholders on risk mitigation strategies and control enhancements.
· Technology Risk Oversight
- Provide independent oversight and challenge to first line technology risk activities, controls, and remediation plans.
- Review and assess technology risk and control self-assessments (RCSAs), risk registers, and key risk indicators (KRIs).
- Monitor emerging technology risks (e.g., AI, quantum, etc.) and escalate as appropriate.
· Policy & Framework Review & Development
- Contribute to the development, maintenance, and enhancement of technology risk management frameworks, policies, and standards.
- Ensure alignment with regulatory expectations (e.g., FFIEC, NIST, ISO 27001) and industry best practices.
· Cyber Maturity Review & Challenge
- Review quarterly cyber maturity reviews performed by first-line and challenge the outcomes with clear reasoning.
· Reporting & Communication
- Prepare and present technology risk reports, dashboards, and insights for senior management and governance committees.
- Communicate complex technology risk concepts in clear, business-focused language.
Qualifications:
Required
· Bachelor’s degree in information technology or related field
· 3-5 years information security experience with 3+ years of experience in technology risk management
· Excellent verbal and written communication
· Understanding and knowledge of industry standards and industry frameworks (e.g., COBIT, COSO, ISO 27001, PCI, NIST)
· Experience of implementing and operationalizing technology risk management programs.
· Understanding of security requirements, contributions to security design and hands-on implementation of multiple security technologies and capabilities
· Hands on experience working with stakeholders in identifying, prioritizing and developing plans and roadmaps for cyber security programs
· Broad domain knowledge and strong understanding of three or more cyber security domains including (but not limited to):
- Cyber risk strategy
- Cyber risk program management and delivery
- Cyber security operations
- Security architecture
- Data protection
- Application security/SDLC
- Third party risk management
- Cloud security
- Cyber Threat Intelligence
- Security Operations Center
- Incident Response
- Cyber Resilience
Preferred:
· CISSP / CRISC (or equivalent)
Education:
- Bachelor’s degree + MBA (Preferred)