Job Title:  Manager | ISO:27001 | Bengaluru | Cyber Strategy & Transformation

Job requisition ID:  99903
Date:  Mar 10, 2026
Location:  Bengaluru
Designation:  Manager
Entity:  Deloitte Touche Tohmatsu India LLP

1. Delivery & Technical Leadership

  1. ISMS Implementation: Lead the end-to-end design, implementation, and maintenance of an ISMS based on the ISO/IEC 27001:2022 standard for global clients.
  2. Gap Analysis: Oversee comprehensive gap assessments against ISO 27001 requirements and Annex A controls to identify security posture deficiencies.
  3. Risk Management: Lead formal Information Security Risk Assessments (using frameworks like ISO 27005) to identify threats and vulnerabilities, and define risk treatment plans.
  4. Statement of Applicability (SoA): Define and justify the inclusion/exclusion of controls within the SoA based on client business needs.
  5. Internal Audit: Manage and execute internal audits to ensure compliance before formal certification audits by external bodies (e.g., BSI, SGS).
  6. Policy & Procedure Development: Lead the creation of high-level security policies, standards, and operational procedures tailored to the client’s organizational culture.

2. Project & Engagement Management

  1. Engagement Delivery: Take full ownership of project timelines, budgets (burn rates), and resource allocation for multi-million-dollar cybersecurity engagements.
  2. Quality Assurance: Review the work produced by Consultants and Senior Consultants (deliverables, reports, presentations) to ensure "Deloitte-quality" standards.
  3. Stakeholder Management: Present complex security findings and ISO 27001 roadmaps to C-Suite executives (CISO, CIO, CRO) and Board members.
  4. Reporting: Develop sophisticated dashboards and progress reports to communicate project status and residual risk to client leadership.

3. Business Development & Growth

  1. RFP & Proposals: Lead the development of technical proposals and "Requests for Proposals" (RFPs) to win new business.
  2. Relationship Building: Identify "add-on" opportunities at existing clients where Deloitte can provide further cyber services (e.g., Pentesting, Cloud Security, or Managed Services).
  3. Thought Leadership: Contribute to Deloitte’s brand by writing white papers, speaking at industry conferences, or developing internal methodologies for ISMS automation.

4. Team Leadership & People Management

  1. Mentorship: Act as a "Coach" or "Counselor" for junior staff (Analysts to Senior Consultants), guiding their career progression and technical skill development.
  2. Performance Management: Conduct formal performance reviews and provide real-time feedback on project performance.
  3. Recruitment: Participate in the interview and hiring process to grow the Cyber Risk team.

5. Specialized Consulting Areas (The "Deloitte Edge")

  1. Integrated Frameworks: Help clients map ISO 27001 controls to other frameworks such as NIST CSF, SOC 2, HIPAA, or GDPR to reduce audit fatigue.
  2. Tooling & Automation: Advise clients on selecting and implementing GRC (Governance, Risk, and Compliance) tools like ServiceNow, OneTrust, or Archer to manage their ISMS.
  3. Certification Support: Act as the liaison between the client and the External Certification Body during Stage 1 and Stage 2 certification audits.


Required Experience/Certifications:


Professional Experience: 7–10 years in Cyber Security, with at least 4–5 years focused specifically on ISO 27001.

Certifications:

Must Have: ISO 27001 Lead Implementer or Lead Auditor.

Highly Desired: CISSP, CISM, or CISA.

Education: Bachelor’s or Master’s degree in IT, Cybersecurity, or Risk Management.

Soft Skills: Exceptional "Executive Presence"—the ability to talk about technical security in a way that business leaders understand.