What impact will you make?

Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you’ll find unrivaled opportunities to succeed and realize your full potential

Deloitte is where you’ll find unrivaled opportunities to succeed and realize your full potential.

The Team

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.

Learn more about our Cyber Risk Practice.

Job description

•  Cyber strategy team assist organizations to develop and implement a well-defined cyber risk culture and educate employees about threat awareness to help accelerate behavioral change.
• Cyber strategy, transformation, and assessments work group with clients to determine their risk tolerance, and to identify their key business risks and cyber-threat exposures.
• Enabling executives to recognize, analyze, and address third-party and regulatory compliance risks created by the development of new, complex, distributed networks in order to avoid potential threats to business-critical data and systems as part of cyber risk management and compliance function

The key job responsibilities include the following:

• Responsible for performing cyber security maturity assessments for organizations.
• Experience in conducting cyber risk assessment /cyber threat exposure for clients.
• Creating cyber training and awareness creation materials and imparting training to create a holistic cyber culture across the organization.
• Analyzing, advising, and addressing third party, regulatory and compliance risks for the clients across industry.
• Creating an insider risk management program or perform insider risk maturity assessment.
• Support clients in performing risk-based reviews to identify key assets and prioritize security resources in mitigating the cyber risks
• Come up with tailor made cyber strategy for clients considering the industry, business scenarios and the type of work force to reduce the financial and reputational risks to the organization.
• Responsible to assist client in review / implement Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling
• Conduct Information Systems audits covering IT infrastructure assets

The key skills & experience required are as follows:

• Minimum 3+ years of work experience in information security.
• nowledge of cyber security governance models, security frameworks such as ISO/IEC 17799, ISO/IEC 27001, COBIT, ITIL, NIST etc.

• Aware of key regulatory and compliance requirements.
• Understanding how business is impacted by key cyber risks
• Hands on experience on creation of insightful presentation to business leaders highlighting the cyber posture of the organization
• Understanding emerging risk and trends on the cyber front.
• Experience in assessing insider risk management program for organizations including the employee life cycle management
• Well versed in controls addressing key cyber risk which could put in place  
• Understanding on technology and tools to prevent and detect cyber risks.
• Carrying out cyber resilience assessments for clients
•  Dashboarding key cyber parameters to various stake holders in the organization.
• Manage client relationships at mid management levels of the organization.

Additional Skills

• Strong communication skills (written & verbal)
• Demonstrates ability to write technical reports and documents including making impactful presentations
• Demonstrates knowledge of one or more industry or functional area
• Working knowledge on eGRC tools like Archer, ZenGRC would be an added advantage.

Education Qualification :

• B.E / B.Tech (Tier 1/2) in Computer Science/ Any graduate/PG , Information Technology or related fields

Professional qualification

• ISO 27001 LA/LI, ISO 31000 LA/LI, ISO 22301 LA/LI, CISA, CSM, ITIL, or equivalent certification preferred

Additional Skills

• Strong communication skills (written & verbal)
• Demonstrates ability to write technical reports and documents including making impactful presentations
• Demonstrates knowledge of one or more industry or functional area
• Working knowledge on eGRC tools like Archer, ZenGRC would be an added advantage.