Deloitte | India Offices of the US

Cyber

Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful insights to help our clients navigate the ever-changing threat design and technology as we partner with clients to transform finance.

Position Summary

Level: Solution Delivery Lead

Work you’ll do:

• Assist in the selection and tailoring of third party risk management approaches, methods and tools to support delivery of third party risk assessment services
• Assist clients in developing their third party risk management programs, such as risk tiering methodology, risk assessment process flows, risk assessment questionnaires, and reports
• Perform third party risk assessments to help clients identify and evaluate complex business and technology risks related to third parties, and provide recommendations for managing those risks
• Participate in project management activities such as leading status calls, risk and issue management, escalations, invoicing, etc.
• Provide periodic updates about status of work assigned to the project manager
• Mentor new assessors on tools and methodology to conduct cyber risk reviews and demonstrate good understanding of client specific cyber security policy and procedures
• Update project manager on potential risks and delays to the project delivery
• Generate innovative ideas and challenge the status quo
• Facilitate use of Deloitte tools and methodologies to review, design and/or implement third party cyber risk services
• Identify opportunities to improve operational excellence
• Support project managers in sales pursuits and proposals and assist in building practice eminence
• Participate in and actively support mentoring relationships within practice

The Team

Cyber Operate : Third Party Risk Management (TPRM) capability is part of the wider Cyber Operate Practice. The TPRM team is focused on helping our clients identify and manage the cyber risks arising from their association with third parties or service providers. We help our clients to define their overall third-party cyber risk strategy, design and implement enterprise-wide programs and technology that focus on identifying and reducing risks; help them evaluate their objectives, priorities, strengths and weaknesses and roll out large scale organizational changes to achieve goals.

Qualifications:

Must Have Skills/Project Experience/Certifications:

• 5 - 7 years of information security experience
• Excellent verbal and written communication
• Excellent understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.)
• Excellent knowledge of key risk areas such as cyber risk, compliance risk and regulatory risk
• Strong knowledge and deep expertise in multiple areas of cyber security and how it impacts the overall business and IT objectives and priorities. Some areas include (not limited to):

• Cyber risk strategy
• Cyber risk program management and delivery
• Cyber security operations
• Security architecture
• Data protection
• Application security/SDLC
• Third party risk management
• Cloud security
• Cyber Threat Intelligence
• Security Operations Center
• Incident Response
• Cyber Resilience

• Understanding and knowledge of industry standards and industry frameworks (e.g., COBIT, COSO ISO 27001, PCI, NIST)
• Demonstrate a general knowledge of market trends, competitor activities, Deloitte & Touche products and service lines
• Should be a good team player with excellent networking skills
• Excellent inter-personal skills
• Willingness to work in shifts

Good to Have Skills/Project Experience/Certifications:

• CISSP / CISA (or equivalent)
• Good understanding of legal and regulatory requirements around information security and
• Data privacy such as OCC Bulletin 29, FFIEC, HIPAA Security/Privacy, etc.
• 1+ years of project management experience on mid to complex projects required
• Prior consulting experience
• Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing

Education: 

Bachelor’s/master’s degree in information technology or related field

Location: 

Bengaluru/Hyderabad/Pune/ Kolkata