
| Location: | USI Locations |
| Openings: | 1 |
Description:
• Deloitte’s Cyber Risk Services help our clients to be secure, vigilant,
and resilient in the face of an ever-increasing array of cyber threats and
vulnerabilities. Our Cyber Risk practice helps organizations with the
management of information and technology risks by delivering end-to-end
solutions using proven methodologies and tools in a consistent manner. Our
services help organizations to address, in a timely manner, pervasive
issues, such as identity theft, data security breaches, data leakage, cyber
security, and system outages across organizations of various sizes and
industries with the goal of enabling ongoing, secure, and reliable
operations across the enterprise.
Deloitte’s Cyber Risk Services have been recognized as a leader by a number
of independent analyst firms. Kennedy Consulting Research & Advisory, a
leading analyst firm, recently named Deloitte a global leader in cyber
security consulting.
Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting
2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy
Information, LLC. Reproduced under license.
• Work you’ll do
• As a professional working for Cyber Strategy and Risk Management, you will
play a critical role in supporting the second line of defense by providing
independent oversight, challenge, and guidance on cyber and technology
risks across the organization. This role involves collaborating with
business units, first line technology teams, and other risk functions to
ensure effective identification, assessment, mitigation, and monitoring of
risks in alignment with regulatory requirements and organizational risk
appetite.
You’ll:
· Targeted Risk Reviews
o Lead and support risk assessments of new and existing technology
initiatives, products, and services.
o Conduct deep-dive risk reviews of IT and Cyber domains such as Identity
& Access Management, Network Security, Incident Management, Data
Protection, etc.
o Advise business and IT stakeholders on risk mitigation strategies and
control enhancements.
· Technology Risk Oversight
o Provide independent oversight and challenge to first line technology
risk activities, controls, and remediation plans.
o Review and assess technology risk and control self-assessments (RCSAs),
risk registers, and key risk indicators (KRIs).
o Monitor emerging technology risks (e.g., AI, quantum, etc.) and escalate
as appropriate.
· Policy & Framework Review & Development
o Contribute to the development, maintenance, and enhancement of
technology risk management frameworks, policies, and standards.
o Ensure alignment with regulatory expectations (e.g., FFIEC, NIST, ISO
· Cyber Maturity Review & Challenge
o Review quarterly cyber maturity reviews performed by the first line and
challenge the outcomes with clear reasoning.
· Reporting & Communication
o Prepare and present technology risk reports, dashboards, and insights
for senior management and governance committees.
o Communicate complex technology risk concepts in clear, business-focused
language.
• The team
• The Cyber Risk Services (CRS) group is part of the wider Technology Risk
practice within Deloitte Advisory. We help “Fortune 500” clients solve
business issues related to risk management, cyber threats, privacy,
governance, business resilience & process improvements.
Deloitte’s Cyber Strategy and Governance practice is focused on helping our
clients manage cyber threats. We help our clients to define their overall
cyber strategy, design global, pan-enterprise programs that focus on
mitigating threats, evaluate their objectives, priorities, strengths and
weaknesses, and roll out large-scale organizational changes to achieve
goals.
• Qualifications and Experience
Required:
· Bachelor’s degree in information technology or related field
· 8+ years of information security experience with 3+ years of
experience in technology risk management
· Excellent verbal and written communication
· Understanding and knowledge of industry standards and industry
frameworks (e.g., COBIT, COSO, ISO 27001, PCI, NIST)
· Experience of implementing and operationalizing technology risk
management programs.
· Understanding of security requirements, contributions to security
design and hands-on implementation of multiple security technologies and
capabilities
· Hands-on experience working with stakeholders in identifying,
prioritizing and developing plans and roadmaps for cyber security programs
· Broad domain knowledge and strong understanding of three or more
cyber security domains including (but not limited to):
o Cyber risk strategy
o Cyber risk program management and delivery
o Cyber security operations
o Security architecture
o Data protection
o Application security/SDLC
o Third party risk management
o Cloud security
o Cyber Threat Intelligence
o Security Operations Center
o Incident Response
o Cyber Resilience
Preferred:
· B.E. / B.Tech + MBA (Preferred)
· CISSP / CRISC (or equivalent)