Job Title:  Assistant Manager - Cyber Controls Review - Bengaluru - Cyber Strategy & Transformation

Your potential, unleashed.

India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond.

At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters.

The team

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks 

Cyber Control Review Specialist

About the Role

This role plays a vital role in ensuring the effectiveness of controls across cybersecurity and IT domains. As a Control Testing Specialist, you will design, execute, and document comprehensive test plans to evaluate cybersecurity controls, ITGCs and ITACs ensuring alignment with cybersecurity frameworks.

Responsibilities

• Develop a thorough understanding of IT and cybersecurity control frameworks and regulations (e.g., NIST CSF, ISO 27001, CIS Controls, SOX)
• Participate in risk assessments to identify cybersecurity and IT control deficiencies and prioritize testing activities.
• Plan, design, and execute control testing procedures across cybersecurity domains such as (not limited to):
• Identity and Access Management (IAM) and Privileged Access Management (PAM)
• Network Security and Endpoint Protection
• Vulnerability and Patch Management
• Data Protection and Encryption Controls
• Incident Response and Security Monitoring
• Business Continuity and Disaster Recovery
• Change and Configuration Management
• Third-Party / Vendor Risk Management
• Independently design and execute test plans for ITGCs and ITACs, utilizing a variety of testing methodologies.
• Assess the effectiveness controls through a combination of stakeholder interviews, evidence reviews, and automated testing methodologies.
• Perform complex test procedures using automated tools and manual techniques, documenting the results comprehensively.
• Analyze test findings, identify control weaknesses, and recommend remediation actions.
• Collaborate with IT and business process owners to address control deficiencies and implement corrective actions.
• Experience in performing vendor security reviews covering cyber security domains
• Stay updated on emerging cybersecurity threats and control best practices.

Qualifications and Education

• Bachelor’s degree in information technology, Computer Science, or a related field (or equivalent experience).
• 2-7 years of experience in Cybersecurity assessments, IT security, or a similar role with a focus on controls testing.
• Strong working knowledge of cybersecurity controls frameworks and IT control testing methodologies.
• Familiarity with tools like ServiceNow, Jira, or other GRC platforms.
• Experience in assessing and providing recommendations on the feasibility of automating manual control testing processes.
• Adaptability to manage a dynamic control population and evolving client needs.
• Excellent analytical and problem-solving skills.
• Strong communication, collaboration, and leadership skills.

Certifications (Good to have)

• CISA
• CISM
• CISSP
• ISO 27001: Certified Lead Auditor

Location

 Bangalore