Job Title: Deputy Manager | AI governance-organisation design, policy, controls | Bengaluru | Cyber Strategy &
The Team
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.
Your work profile
• Work closely with technology, security, and risk teams to manage and support GRC + TPRM solutions.
• Translate control requirements into:
· Technical expectations for implementation teams
· Control validation approaches to assess effectiveness
• Assess control effectiveness and identify gaps in implementation
• Manage and support Third-Party Risk Management (TPRM) lifecycle including vendor onboarding, risk assessments, and ongoing monitoring.
• Manage and complete cybersecurity due diligence questionnaires from clients, partners, and vendors.
• Coordinate with internal stakeholders to gather accurate responses and supporting evidence.
• Ensure responses are technically accurate and aligned with organizational policies, regulatory expectations, and control frameworks.
• Track status, timelines, and outcomes.
• Collect, validate, and document evidence to support control compliance, third-party assessments, and audit requirements.
• Analyze control validation and third-party risk assessment results, identify control weaknesses, and escalate critical risks to senior management.
• Support and manage regulatory and audit activities, including evidence collection, validation, and remediation tracking.
• Develop and maintain strong knowledge of regulatory frameworks including but not limited to APRA, ASIC, ISO 27001, NIST, CPS 234 (Information Security), CPS 220 (Risk Management), CPS 232 (Business Continuity), and other applicable financial services regulations.
• Recommend and implement improvements to control validation, TPRM processes, documentation, and reporting mechanisms.
• Foster strong understanding of cybersecurity controls, third-party risk, and compliance requirements across teams.
• Stay updated on evolving cybersecurity threats, regulatory requirements, and industry best practices in the BFSI sector to ensure ongoing compliance and effectiveness.
Key skills required:
• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• 4+ years of experience in Cybersecurity GRC, Cyber control reviews and assessment, Cyber control testing, Third-Party Risk Management (TPRM), or a similar role
• Experience with security frameworks (NIST CSF, CIS, ISO 27001).
• Strong understanding of control frameworks and standards (e.g., ISO 27001, NIST, SOX, COBIT, GDPR, APRA and other regulations).
• Strong analytical and problem-solving skills.
• Excellent communication and documentation skills.
• Ability to manage multiple priorities and work independently.
• Experience with GRC tools such as:
• Exposure to automation or scripting for evidence collection and control validation.
• Familiarity with cloud environments (AWS / Azure).
• Exposure to AI-enabled GRC capabilities such as automated evidence validation, intelligent questionnaire response generation, and risk analytics.
• CISSP, CISA, CRISC, or ISO 27001 Lead Auditor/Implementer certification is preferred.
• Cyber reviews and assessments / Control validation / Control testing
• Third-Party Risk Management (TPRM) / Due diligence questionnaires / Stakeholder coordination / Regulatory reporting
• GRC tools
• Regulatory Compliance / APRA / CPS 234 / Vendor Risk Management
• AI-enabled GRC Automation