Manager - UK ITS - Information Security Specialist (Risk Assurance)

Job content

SCAM ALERT: Caution against fraudulent job offers!
More Info

×

SCAM ALERT
Caution against fraudulent job offers!

We have been informed of instances where jobseekers are led to believe of fictitious job opportunities with Deloitte India (“Deloitte”). In one or more such cases, false promises of actual or potential selection, or initiation or completion of the recruitment formalities appear to have been or are being made. Some jobseekers appear to have been asked to pay money to specified bank accounts of individuals or entities as a condition of their selection for a ‘job’ with Deloitte. These individuals or entities are in no way connected with Deloitte and do not represent or otherwise act on behalf of Deloitte.

We would like to clarify that:
At Deloitte, ethics and integrity are fundamental and not negotiable.
We are against corruption and neither offer bribes nor accept them, nor induce or permit any other party to make or receive bribes on our behalf.
We have not authorised any party or person to collect any money from jobseekers in any form whatsoever for promises of getting jobs in Deloitte.
We consider candidates on merit and that we provide an equal opportunity to eligible applicants.
No one other than designated Deloitte personnel (e.g., a Deloitte recruiter or Deloitte hiring partner) is permitted to extend any job offer from Deloitte.

Anyone who at any time has made or makes any payment to any party in exchange of promises of job or selection for a job with Deloitte or any matter related to this (including those for ‘registration’, ‘verification’ or ‘security deposit’) or otherwise engages with any such person who has made or makes fraudulent promises or offers, does so (or has done so) entirely at their own risk. Deloitte takes no responsibility or liability for any such unauthorised or fraudulent actions or engagements.
We encourage jobseekers to exercise caution.

Manager-Information Security Specialist/CISO/ITS (Risk Assurance)

To work in the innovative and creative CISO team. A world class operation with extensive knowledge and experience. Interfacing with business and technical teams and bringing about change and influence across the whole world of Deloitte. Apply your skills here to make things happen. You will be part of a great team that are passionate about our work in serving a great purpose.

Work you’ll do

As an Information Security Specialist (Risk Assurance) you will;

Evaluate existing processes to understand inefficiencies or ineffectiveness involved. This includes reviewing the design adequacy & operational effectiveness of BAU processes
Articulate remediation requirements in clear terms that is understood by the audience
Identify key stakeholders & audience, build consensus, handle objections to bring about transformations
Seek feedback from the audience and incorporate it to come up with win-win solutions
Clearly demonstrate how changes in a process will bring about improvements
Create detailed rollout plan and oversee implementation, providing regular status & progress reporting to senior mgmt.
Build training packs, conduct awareness sessions on changes to existing processes, liaise with Corporate communication teams to enable the above where required
Define security non-functional requirements for projects and ensure that they are fulfilled prior to handing over to operations/BAU.
Assist in embedding security into the applications right from the requirements phase of Secure SDLC.
Assist in the definition of the scope and support on the management of penetration and vulnerability testing activities. This will include contributing to plans for remediation of vulnerabilities identified during any penetration or vulnerability tests
Liaise with the Information Security testing team to ensure that code reviews, application scanning and infrastructure scanning is conducted as part of IS risk assurance process
Contribute to the provision of end to end assurance of IT products across Deloitte, during BAU throughout a product’s lifespan, protecting client and employee data and ensuring compliance with Information Security policies and standards
Support in the assessment of the current technology infrastructure and applications to identify information security and compliance risk areas and recommend controls to address those risks
Work with information security management and senior business stakeholders to design a business appropriate information security risk management process
Contribute in identification of risks and can clearly articulate risk items in risk registers as required
Develop and present information related risks to Senior Manager – IS Risk and Assurance and the CISO
Day-to-day operation of the risk management process
Conduct thorough & robust risk assessments, demonstrating clear rationale, capturing remediation and track to completion
Assisting with and producing information security risk papers
Be a self-starter, have the ability to problem solve, identifying issues and solutions options with minimal oversight and handholding
Have the ability to put a business case together that caters to different audiences (mid-level & senior management)
Have a thorough understanding and experience of Risk management process
Assess existing risk mgmt. processes and identify clear areas for improvement
Explain risk management approaches in a manner understood by a non-technical or non-SME audience
Have excellent persuasion, influencing & interpersonal skills

Your work, your choice

In the CISO team we are results focused and believe in excellence in respect in all aspects of our work and interaction with each other. We make full use of technologies that help support different ways of working. At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk.

We, therefore, carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. If the working pattern you are looking for is not specifically indicated below, we are happy to discuss alternative arrangements.

Location: Hyderabad

Qualification Required:
An Information Security qualification e.g. CISSP, CISM, CCSP, CEH or equivalent desirable.
Computer Science degree and/or MSC in Information Security desirable but not essential.
Have good knowledge and skills to manage penetration/vulnerability testing processes and remediation.
Demonstrable knowledge of good security practices ensuring adherence to security concepts of confidentiality, integrity and availability.
Demonstrable experience in an information security or risk management role that includes tasks such as carrying out risk assessments, risk assurance activities, documentation and updating of policies, impact assessments, asset identification etc.
Have a demonstrable experience in proactively taking responsibility and owning, following up and resolving issues in such a way that positively impacts team delivery and inspires rest of team.
Have some knowledge of OWASP top ten vulnerabilities, tools and methodologies.
Ability to provide IT/IS Security assurance on projects with a view to taking on complex projects after gaining the requisite experience.
Can think methodically and logically and have well-honed communication skills.
Possess exceptional communication skills with diverse audiences - Strong critical thinking and analytical skills

The Team

At Deloitte, we’re all about collaboration. And nowhere is this more apparent than among our 2,000-strong internal services team. With our combined specialist skills, we provide all the essential support and advice our client-facing colleagues need, right across the firm. This enables them to focus all of their efforts on delivering the best service possible to their clients. Covering seven distinct areas; Human Resources, Clients & Industries, Finance & Legal, Shared Services, National Quality & Risk Management, IT Services, and Property & Corporate Services, together we live, breathe and deliver the Deloitte experience.

How you’ll grow

At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in exactly the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte’s culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

\“Deloitte\” is the brand under which tens of thousands of dedicated professionals in independent firms throughout the world collaborate to provide audit, consulting, financial advisory, risk management and tax services to selected clients. These firms are members of Deloitte Touche Tohmatsu Limited DTTL, a UK private company limited by guarantee. Each member firm provides services in a particular geographic area and is subject to the laws and professional regulations of the particular country or countries in which it operates. DTTL does not itself provide services to clients. DTTL and each DTTL member firm are separate and distinct legal entities, which cannot obligate each other. DTTL and each DTTL member firm are liable only for their own acts or omissions and not those of each other. Each DTTL member firm is structured differently in accordance with national laws, regulations, customary practice, and other factors, and may secure the provision of professional services in its territory through subsidiaries, affiliates and/or other entities.
In the United States, Deloitte LLP is the member firm of DTTL. Like DTTL, Deloitte LLP does not provide services to clients. Instead, services are primarily provided by the subsidiaries of Deloitte LLP, including:
Deloitte & Touche LLP
Deloitte Consulting LLP
Deloitte Financial Advisory Services LLP
Deloitte Tax LLP

Requisition code: E22HUMGRKJ-EDC-ISRA