Cyber Risk Assistant Manager Assurance, Technology and Controls
This is a fantastic opportunity for a results-driven individual who enjoys variety and challenge in their working day. You will be joining the Cyber Risk team within Deloitte Business Security (DBS) to help protect the firm, drive positive change and further your own professional development in an ever-changing, digitising and evolving cyber world.
We encourage consideration of flexible ways of working, both formal and informal arrangements that allow for the best outcomes for our people and our clients. If this opportunity is of interest to you with some flexibility, please do discuss with us.
The role requires an in-depth understanding of information, technology and business security and risk. Successful candidates will be expected to demonstrate relevant experience working in a dynamic environment dealing with complex challenges, and communicating to all levels of the business. The role is within the Cyber Risk team which is an internal facing team and a part of the wider Deloitte Business Security team.
• Understand the second line cyber risk services and support awareness, consultancy and delivery of the services across the business.
• Build and maintain relationships, provide Cyber Risk subject matter expertise to the wider DBS & Quality & Risk community, identifying and proactively improving key relationships with stakeholders in that community
• Regularly engage with our first line information security team to understand the technology projects that they are assessing, and keep the second line cyber risk team informed of these and upcoming technology changes to facilitate assurance planning
• Support and perform assurance activities over the first line information security reviews of new project engagements, which deliver technology and services to Deloitte. This is to validate that vulnerabilities and findings are translated clearly into operational or business risks that are tracked through to acceptance or mitigation. Ensure throughout that due consideration has been given to the firm's risk appetite, regulatory and legal standards and policies as part of consistent and auditable processes
• Perform assurance activities relating to specific cyber security capabilities/control domains in line with areas of subject expertise across firm systems and processes to report on maturity and effectiveness
• Take a lead on co-ordinating Cyber Risk input into general enquiries and client questionnaires that the team receives, seeking out answers from the Cyber Risk and Information Security teams as needed, refining the process and creating and managing a knowledge repository
• Engage with internal clients and stakeholders to drive understanding of the value of cyber risk assurance and consolidated risk positions and how these activities help enable the business
• Work effectively in diverse teams within an inclusive team culture where people are recognised for their contribution
Your work, your choice
At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. Please speak to your recruiter about the working pattern that works best for you.
You will be aligned to a regional office depending on your location, with the option to work remotely from home too.
This is a permanent full-time role. Our team members are able to work a variety of agile working patterns. Tell us what arrangement works for you and we'll try to accommodate.
Your professional experience
• Information security experience within a relevant business sector
• Ability to demonstrate a good understanding of a range of information technology systems and of any inherent security risks associated with these technologies
• Ability to demonstrate understanding of information security principles, accreditations and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security)
• Ability to effectively communicate business and technical risk to all potential audiences, strong stakeholder management skills, and to understand technology systems and applications from both a technical and business function perspective
• Self-motivated and able to manage multiple concurrent deliverables, good communication skills and ability to provide a positive influence within a team
• One or more respected industry qualifications (e.g. CISSP, CISM, CISA, CRISC, SABSA) preferred but not essential
Your service line: Quality, Risk and Security
The Quality, Risk and Security (QRS) community is an overarching identity for all of the professionals who manage quality and risk for Deloitte. It comprises:
Deloitte Business Security (DBS), National Quality and Risk Management (NQRM), Quality & Risk Operations (QR Ops), and Service Line Quality and Risk Management teams (including Switzerland), and is led by a dedicated partner who sits on the firm's Executive. Within QRS, we use our skills and experience across a variety of disciplines to support a risk intelligent culture at Deloitte; enabling our partners and practitioners to deliver high quality services to their clients, minimising the administrative burden on our people, and acting as custodians of firm risk, security, ethics and reputation.
Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm.
For a full job description please visit our online Deloitte Careers portal.