Job Title: Deputy Manager | Certified Information Security Manager (CISM) | Coimbatore | Cyber Strategy & Trans

• Job requisition ID : 106376
• Location: Coimbatore
• Entity: Deloitte Touche Tohmatsu India LLP
The Team
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.
Your Work Profile
As a Deputy Manager professional in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations.
Role Summary
As a part of our Cyber strategy team, you will build and nurture positive working relationships with teams and clients with the intention to exceed client expectations.
Key Required Skills:
- Accountable for the definition, creation, and support of the Cyber Risk Exception handling process.
- Responsible for ensuring a risk-based approach is consistently taken to the exception handling process.
- Responsible for establishing a schedule of authority for risk exception approval.
- Accountable for ensuring the framework enforces full lifecycle management of Risk Exceptions and findings.
- Responsible for lightweight assurance to ensure the Risk Exception Management framework is being implemented and operated consistently across the organization.
- Responsible for defining and operating the Risk Exception Governance Framework
- Responsible for ensuring Risk surfaced through the exception handling process is fed through into the broader Cyber Risk Management framework.
- Understanding of global best practice standards (e.g. NIST, CIS, ISO), Information Security standards and controls, and the “three lines of defense” model for appropriate segregation of duties and risk transparency
- Experience in Cyber Security, especially cyber risk management, and other security domains such as network security, application security, vulnerability and patch management, and data security.
- Responsible for the aggregation and reporting of Risk Exception Management
- Continually seek to improve the firm’s security risk assessment methodology.
- Perform risk assessments of business processes, security controls, and technology architecture based upon industry standard requirements.
- Excellent written and verbal communication skills and ability to be understood by both technical and non-technical personnel.
- Ability to manage conflicting priorities and multiple tasks in order to meet key deadlines.
- Stakeholder management and interpersonal skills at both a technical and non-technical level
- Ability to work in a collaborative environment with various info sec departments.
- Ability to drive process teams to understand the reporting situation, explore options, and come to a consensus on the preferred solution.
- Research, identify, and consult with subject-matter experts to recommend risk-mitigating solutions.
- Strong presentation skills
- Ability to work with various stakeholders located across regions (Americas, Europe, APAC)
- Experience within a customer-focused environment
- Ability to visualize, plan, and execute on areas of process improvement that increase the efficiency and delivery of our security capabilities.
- A bachelor’s degree in information security, or a related field from a reputable institution. Advanced degrees and relevant certifications are highly advantageous.
- 7 to 9 years of domain experience
- Proven expertise in third-party risk management, vendor assessments, ISMS, or related areas, with a track record of successful client engagement and risk mitigation.
- Deep knowledge of information security principles, Data Protection & Privacy regulations, and relevant control frameworks (e.g., ISO 27001, NIST 800-53, GDPR) as they pertain to third-party risk management.
- Strong ability to liaise effectively with clients, manage stakeholder expectations, and collaborate seamlessly across departments and disciplines.
- Excellent communication skills, both written and verbal, for articulating complex concepts and recommendations to diverse audiences.
- Detail-oriented organizational skills, essential for managing multiple client engagements and delivering high-quality results.
- Recognized certifications such as the Certified Third-Party Risk Professional (CTPRP), Certified Third Party Risk Assessor (CTPRA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ISO27001, or ISO 22301 certifications are advantageous.
- Proficiency in utilizing modern risk management tools (e.g., ServiceNow, Archer, OneTrust, Coupa) and platforms to enhance the efficiency and accuracy of client deliverables.
