Apply now »

Job Title:  T&T | Cyber : CST | Assistant Manager | TPRM | Bangalore

Job requisition ID ::  101985
Date:  Apr 8, 2026
Location:  Bengaluru
Designation:  Assistant Manager
Entity:  Deloitte Touche Tohmatsu India LLP

IT Control Testing Specialist 

 

The Team

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Lear more about  Cybersecurity

 

Your work profile

This role sits at the intersection of control design, implementation, and assurance, ensuring that IT controls are not only compliant but also operationally effective, scalable, and aligned to real-world risk scenarios. As an IT Control Testing Specialist, you will own the lifecycle of IT controls—from interpreting regulatory expectations and translating them into implementable controls, to designing robust testing strategies and driving remediation with engineering precision.

 

1. IT Controls Design & Implementation

  • Translate regulatory and framework requirements (e.g., SOX, ISO 27001, NIST) into practical, implementable ITGCs and ITACs across systems and processes.
  • Partner with engineering, DevOps, and infrastructure teams to embed controls within system architecture, workflows, and pipelines (e.g., access provisioning, change approvals, logging, monitoring).
  • Evaluate control design effectiveness by assessing control objectives, risk coverage, and alignment with business processes.
  • Drive standardization and rationalization of control frameworks, reducing redundancy while improving coverage.

 

2. Advanced IT Control Testing & Assurance

  • Independently design and execute risk-based, end-to-end testing strategies for ITGCs and ITACs, including:
  • Access Management (JML, privileged access, RBAC)
  • Change Management (SDLC, DevOps pipelines, emergency changes)
  • IT Operations (job monitoring, backups, incident management)
  • Perform deep-dive control testing using both manual and automated techniques, including data-driven testing, sampling strategies, and re-performance.
  • Leverage tools and scripts (SQL, Python, or GRC platforms) to enhance testing efficiency and coverage.
  • Assess control automation opportunities, including feasibility, ROI, and implementation approach.

 

3. Technical Controls & Security Domain Expertise

  • Apply hands-on understanding of technical security controls, including:
  • Identity & Access Management (IAM, IGA tools, SSO, MFA)
  • Encryption, key management, and certificate lifecycle
  • Secure configuration baselines (OS, DB, Cloud)
  • Logging, monitoring, and SIEM integrations
  • Evaluate effectiveness of controls in cloud environments (AWS/Azure/GCP) and modern architectures (microservices, APIs).
  • Validate secure development practices and DevSecOps controls embedded in CI/CD pipelines.

 

4. Issue Analysis, Remediation & Advisory

  • Analyze control deficiencies to identify root causes (design vs. operating gaps) rather than symptoms.
  • Provide actionable, technically feasible remediation recommendations, aligned with system constraints and business priorities.
  • Work closely with stakeholders to implement and validate remediation, including control re-design where necessary.
  • Track and report on control maturity and risk posture improvements.

 

5. Stakeholder Collaboration & Leadership

  • Act as a trusted advisor to IT, Security, and Business teams on control implementation and optimization.
  • Lead walkthroughs, control discussions, and audit interactions with confidence and clarity.
  • Mentor junior team members on testing methodologies, control interpretation, and technical depth.
  • Contribute to building repeatable testing frameworks, accelerators, and best practices.

 

6. Continuous Improvement & Innovation

  • Stay current with emerging threats, regulatory updates, and evolving control expectations.
  • Drive adoption of automated control testing, continuous controls monitoring (CCM), and data analytics.
  • Contribute to innovation initiatives around control engineering and testing transformation.

 

Key Skills Required

  • Bachelor’s degree in Information Technology, Computer Science, or a related field.
  • Education : 3–5 years of experience in IT audit, IT risk, or cybersecurity with strong exposure to control implementation and testing.
  • Demonstrated experience in:
  • Designing and testing ITGCs and ITACs in complex environments
  • Implementing or advising on technical controls within enterprise systems or cloud platforms
  • Working with GRC tools (ServiceNow, Archer, Jira, etc.)
  • Hands-on experience with data analysis, scripting, or automation in control testing is strongly preferred.
  • Understanding of control frameworks (SOX, ISO 27001, NIST, COBIT).
  • Ability to bridge audit, risk, and engineering perspectives effectively.

 

Apply now »