Job Title: T&T | Cyber: CST | Associate Director | CISSP | GRC | Gurgaon
Location - Gurgaon
The Team
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Learn more aboutCybersecurity
Your work profile
· Develop, implement, and maintain risk and governance frameworks.
· Guide teams/Handle client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk.
· Recommend security solutions and enhancements aligned with business goals and threat landscape.
· Conduct security risk assessments of third-party vendors and service providers.
· Define TPRM frameworks and integrate them into the overall risk management program.
· Perform cybersecurity maturity assessments using established frameworks such as NIST CSF, NIST-800-53, ISO 27001
· Frontend teams for ISO 27001 based Information Security Management System implementation and sustenance-based projects.
· Lead risk identification, evaluation, mitigation, and monitoring activities.
· Deliver actionable insights and improvement roadmaps based on assessment results.
· Understand and evaluate application security architectures, including secure SDLC practices, threat modelling and secure coding standards.
· Plan, execute, and report on comprehensive IT and OT security audits.
· Lead teams or work as team member to conduct Information Systems audits covering IT infrastructure assets.
· Manages security and cyber strategy projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion.
· Responsible to assist client in review / implement Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling.
· Conduct and support PCI DSS assessments and gap analysis.
· Provide guidance for remediation efforts to ensure ongoing compliance.
· Demonstrates understanding of complex business and information technology management processes.
· Ensure compliance with cybersecurity guidelines and regulations issued by RBI, SEBI, IRDA, BCAS, NCIIPC, and other relevant bodies.
· Track evolving regulatory requirements and integrate changes into the cybersecurity program.
· Understanding of cloud service models and security controls across major platforms (AWS, Google Cloud, Azure).
· Plan and execute ITGC control testing covering areas such as access management, change management, and operations controls. Identify control gaps and support remediation efforts.
· Interacts with clients, managers, and partners to build and nurture strong relationships.
· Tailors firm tools and methodologies as per client requirements.
Key Skills Required
• B. E/ B-Tech (Tier 1/2) or master’s degree in information security, Computer Science, or a related field
• Professional certifications such as CISSP, CISA, CISM, CRISC, ISO 27001 LA/LI, ISO 31000 LA/LI, ISO 22301 LA/LI, CISA, ITIL or PCI QSA are preferred.
· 10+ years of relevant experience in cybersecurity consulting, risk management, and compliance.
· In-depth knowledge of security frameworks and standards (e.g., NIST, ISO 27001, COBIT).
· Strong analytical, communication, and stakeholder management skills