Manager - UK ITS - Information Security Operational Assurance

le contenu du travail

SCAM ALERT: Caution against fraudulent job offers!
More Info

×

SCAM ALERT
Caution against fraudulent job offers!

We have been informed of instances where jobseekers are led to believe of fictitious job opportunities with Deloitte India (“Deloitte”). In one or more such cases, false promises of actual or potential selection, or initiation or completion of the recruitment formalities appear to have been or are being made. Some jobseekers appear to have been asked to pay money to specified bank accounts of individuals or entities as a condition of their selection for a ‘job’ with Deloitte. These individuals or entities are in no way connected with Deloitte and do not represent or otherwise act on behalf of Deloitte.

We would like to clarify that:
At Deloitte, ethics and integrity are fundamental and not negotiable.
We are against corruption and neither offer bribes nor accept them, nor induce or permit any other party to make or receive bribes on our behalf.
We have not authorised any party or person to collect any money from jobseekers in any form whatsoever for promises of getting jobs in Deloitte.
We consider candidates on merit and that we provide an equal opportunity to eligible applicants.
No one other than designated Deloitte personnel (e.g., a Deloitte recruiter or Deloitte hiring partner) is permitted to extend any job offer from Deloitte.

Anyone who at any time has made or makes any payment to any party in exchange of promises of job or selection for a job with Deloitte or any matter related to this (including those for ‘registration’, ‘verification’ or ‘security deposit’) or otherwise engages with any such person who has made or makes fraudulent promises or offers, does so (or has done so) entirely at their own risk. Deloitte takes no responsibility or liability for any such unauthorised or fraudulent actions or engagements.
We encourage jobseekers to exercise caution.

Information Security Operational Assurance Manager, UK ITS

To work in an innovative and creative Information Security team. A world class operation with extensive knowledge and experience. Interfacing with business and technical teams and bringing about change and influence across the whole world of Deloitte. Apply your skills here to make things happen, great people, great purpose and passionate about our work.

The Team

At Deloitte, we’re all about collaboration. And nowhere is this more apparent than among our 2,000-strong internal services team. With our combined specialist skills, we provide all the essential support and advice our client-facing colleagues need, right across the firm. This enables them to focus all of their efforts on delivering the best service possible to their clients. Covering seven distinct areas; Human Resources, Clients & Industries, Finance & Legal, Practice Support Services, Quality & Risk Services, IT Services, and Workplace Services & Real Estate, together we live, breathe and deliver the Deloitte experience. Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to several audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.

Work you’ll do

The Information Security Operational Assurance Manager will be responsible for:

Defining and implementing the information security operational assurance framework and risk assessment methodologies.
Working with asset owners across the UK firm to identify high risk assets and establish an annual review schedule.
Completing security assurance reviews of high-risk assets in accordance with the annual review schedules.
Supporting Service Lines and IT functions in conducting risk assessments affecting business processes and operational activities.
Ensuring operational security risks are subject to formal risk governance.
Producing good quality KPIs and KRIs for governing and managing IS risks
Providing regular updates to the Information Security Leadership team regarding key risk indicators and the status of key operational security controls
Developing and maintaining risk assurance processes and procedures
Maintaining the accuracy of the risk register
Producing content to support submission of reporting papers to executive governance and risk committees.
Liaising with risk functions across the information security team and 2nd line functions to support risk governance activities, process improvement initiatives and fulfilling internal and external reporting obligations.
Working across the CISO function and other risk and control functions to support deployment of our security strategy.
Analyzing management and technical security controls to ensure that mandated security and compliance requirements are met through the verification of documented processes, procedures and standards.

In the CISO team we are results focused and believe in excellence in respect in all aspects of our work and interaction with each other. We make full use of technologies that help support different ways of working. At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We, therefore, carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. If you would like to hear more about our flexible working arrangements, please let us know.

Qualification Required:
Degree in IT / computer science or information security.

Experience Required:
Minimum 9 years in an information security risk assurance role.
At least one industry certification (e.g. CISM, CRISC, CISA, CISSP).
Strong report writing skills.
Experience of external security accreditations including ISO 27001 and Cyber Essentials and Information Security Management Systems.
Experience of ISO 9001 based quality management systems.
Strong knowledge and understanding of security metrics and reporting requirements, and developing key performance and key risk indicators
Strong knowledge and understanding of security policy frameworks and control implementation.
Strong knowledge of risk management methodologies and risk analysis.
Strong risk governance experience, specifically in relation to the creation, maintenance, and implementation of risk registers, and reporting to risk governance committees.
Strong ability to develop and maintain security processes and procedures.
Strong knowledge of GRC tools and platforms such as Archer

Work Timings: 2 PM to 11 PM

Location: Hyderabad

How you’ll grow

At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in exactly the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Centre in India, our state-of-the-art, world-class learning Centre in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte’s culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.

\“Deloitte\” is the brand under which tens of thousands of dedicated professionals in independent firms throughout the world collaborate to provide audit, consulting, financial advisory, risk management and tax services to selected clients. These firms are members of Deloitte Touche Tohmatsu Limited DTTL, a UK private company limited by guarantee. Each member firm provides services in a particular geographic area and is subject to the laws and professional regulations of the particular country or countries in which it operates. DTTL does not itself provide services to clients. DTTL and each DTTL member firm are separate and distinct legal entities, which cannot obligate each other. DTTL and each DTTL member firm are liable only for their own acts or omissions and not those of each other. Each DTTL member firm is structured differently in accordance with national laws, regulations, customary practice, and other factors, and may secure the provision of professional services in its territory through subsidiaries, affiliates and/or other entities.
In the United States, Deloitte LLP is the member firm of DTTL. Like DTTL, Deloitte LLP does not provide services to clients. Instead, services are primarily provided by the subsidiaries of Deloitte LLP, including:
Deloitte & Touche LLP
Deloitte Consulting LLP
Deloitte Financial Advisory Services LLP
Deloitte Tax LLP

Requisition code: E22HUMGRKJ-EDC-ISOA