Job requisition ID ::  6880
Date:  Nov 20, 2021
Location:  Mumbai
Designation:  Assistant Manager
Entity:  Deloitte Touche Tohmatsu India LLP

Location: Mumbai, Pune & Delhi

 Level: Consultant, AM & DM


  • Responsible for ISO 27001 based Information Security Management System implementation and sustenance
  • Responsible for advising clients on Business Continuity Planning, IT Disaster Recovery planning
  • Assess client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk
  • Responsible to assist client in review / implement Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling
  • Responsible to assist client in developing information assets inventory and classification
  • Responsible for conducting clients vendors risk assessment and providing a holistic view of clients risk exposure due to outsourcing
  • Responsible for advising and assisting clients to develop and implement Information classification framework
  • Conduct Information Systems audits covering IT infrastructure assets
  • Advice clients on data privacy, data leakage prevention, identity and access management
  • Serves as technical lead or subject matter specialist on security and privacy implementation projects, responsible for design, build, testing and deployment of solutions
  • Demonstrates ability to work independently on projects with limited supervision
  • Demonstrates understanding of complex business and information technology management processes
  • Demonstrates working knowledge of firm tools and methodologies that may be suitable for the engagement
  • Manages day-to-day client relationships at mid and lower levels.


  • Understanding of Third party/vendor/supplier risk management considerations
  • Knowledge of Data Protection & Privacy related risks associated with Third-Party and relevant control frameworks for Third party risk management
  • Excellent written/verbal communication 
  • Excellent documentation and presentation skills
  • Highly motivated and willing to work in local and global environments
  • Security certifications like CISSP, CISA, CISM, CEH, ISO27001
  • Work experience in Infrastructure / Application Security
  • Work experience in IT Audit
  • Work experience in Cloud Security
  • Work experience in Information Risk Management
  • Work experience in Information Security or Cyber Security domains
  • GRC tool experience like Archer, ServiceNow, OneTrust, ProcessUnity, Security Scorecard etc