Job Title:  T&T | Cyber: CST | Assistant Manager | ISMS | Delhi

The team 

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks 

Your work profile   

As an Assistant Manager within the Cyber Risk team, you will support and deliver cybersecurity consulting engagements focused on risk management, governance, compliance, security assessments, and technology risk advisory. You will work closely with clients and internal teams to identify risks, strengthen security posture, drive remediation initiatives, and deliver value-driven cybersecurity solutions.

Key Responsibilities

• Support the development and implementation of cybersecurity governance and risk management frameworks.
• Conduct cybersecurity risk assessments, identify security gaps, and recommend mitigation strategies.
• Perform cybersecurity maturity assessments using frameworks such as NIST CSF, NIST 800-53, ISO 27001, and COBIT.
• Lead/support ISO 27001 ISMS implementation, sustenance, and compliance initiatives.
• Conduct Third-Party Risk Management (TPRM) assessments and vendor security reviews.
• Plan and execute IT/OT security assessments, ITGC testing, and Information Systems audits.
• Assess application security practices including secure SDLC, threat modelling, and security controls.
• Support PCI DSS assessments, gap analysis, and remediation activities.
• Ensure compliance with regulatory requirements including RBI, SEBI, IRDAI, BCAS, and NCIIPC guidelines.
• Review cloud security controls across AWS, Azure, and Google Cloud environments.
• Manage assigned workstreams, mentor junior team members, and ensure timely project delivery.
• Build and maintain strong client and stakeholder relationships.
• B.E./B.Tech in Computer Science, Information Security, IT, or related discipline.
• Professional certifications such as CISSP, CISA, CISM, CRISC, ISO 27001 LA/LI, ITIL, or PCI QSA preferred.
• 4–6 years of relevant experience in Cybersecurity Consulting, GRC, Risk Advisory, or Information Security.
• Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, COBIT, PCI DSS).
• Strong analytical, communication, stakeholder management, and problem-solving skills.
• Ability to manage multiple engagements in a fast-paced consulting environment.