Job Title:  Director | IT Audits | Mumbai | Cyber Strategy & Transformation

Your potential, unleashed.

India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond.

At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters.

The Team

Deloitte helps organizations prevent cyberattacks and protect critical infrastructure and emerging technologies like of IIoT, OT, AI and Cloud assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks
Cyber Security Center of Excellence

The Bank has been making rapid strides in digital business delivery. The IT and digital verticals are ably driven by a professional team of IT officials. The Bank holds a pole position in Indian banking ecosystem and is looked up to by various stakeholders for playing a lead role and support in enabling cyber security landscape.

With rapid enhancements and evolutionary & disruptive nature of technology, a need has been felt to invest dedicatedly in creating capacities in research and innovation through an entity like Cyber Security Centre of Excellence (CSCoE).

 Your work profile

We are looking for  Project Director – Strategy, Leadership & Advocacy in our Cyber Team. As part of your work profile, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: -

Key Responsibilities:

Strategy and Go-live

·       Define various cyber security initiatives related to building a center of excellence along with a detailed roadmap for the next 5 years

·       Initiatives could include research and innovation, tools benchmarking, capacity building, etc.

·       Establish blueprint for each identified initiative

·       Project manage the complete implementation of these initiatives

·       Support for go-live of CSCoE initiatives

a.      Design and Implementation of Operating Framework

·       Prepare a detailed blueprint, target operating model for each identified initiative

·       Establish objectives, define end state, and expected benefits for each cyber security initiative

·       Define operationalization plan, phase-wise outcomes, implementation plan, target operating model, roles and responsibilities along with High Level Project Plan (HLPP), Low Level Project Plan (LLPP)

·       Prepare a detailed people construct/staffing plan, operational construct, budgeting/effort estimate, COE premise setup plan, maturity roadmap for each initiative

·       Establish and initiate a tracking & reporting mechanism for each initiative

·       Provide consulting support on best industry practices (both domestic and global) for cyber security initiatives

·       Establish connections with regulatory bodies and educational varsities for CSCoE initiatives

b.      Overall Project Management Support

• Establish and support project management mechanism for CSCoE initiatives
• Prepare a detailed overall progress report for CSCoE on a quarterly basis to Bank
• Identify any project risks/potential roadblocks for various CSCoE programs and intimate the Bank regarding the same
• Prepare phase-wise plan and define criteria for successful execution and outcome measurement for cyber initiatives
• Assist management to track progress of various initiatives and provide stakeholder coordination support
• Support Bank to identify and monitor success factors/milestones for CSCoE programs
• Participate in all internal and external stakeholder meetings and track action items
• Coordination with various partners on overseeing the execution and any interactions as when required
• Support Bank to plan for ongoing evaluation and improvement of cyber security practices and the CSCoE’ s capabilities
• Identify new initiatives which can be taken up by the Bank and assist in planning required capacity/resourcing/financial models for the same
• Support Bank to identify technologies required for CSCoE and support the Bank to design & implement state-of-the-art infrastructure for CSCoE
• Support the Bank regarding office location, design office structure to meet the CSCoE requirements and provide project management support towards implementation and go-live.

c.      Engagement Period:

·       The engagement with the Consultancy resources shall be for 12 months period from the date of Onboarding of Resources.

·       There would also be a requirement and delivery assessment after 6 months and based on the utility of continuing with the consultant, Bank may/ or may not continue with the engagement for the full period of 12 months.

d.      Project Deliverables:

·       A detailed strategy and implementation roadmap for establishing and evolving the CSCoE.

·       A comprehensive plan and blueprints for each initiative that outline the scope, schedule, resources, budget, and risk management strategies for the CSCoE establishment project.

·       Framework to identify, assess, and manage project risks associated with the CSCoE, ensuring effective management and oversight of cybersecurity initiatives.

·       A detailed Target Operation Model (TOM) and Term of Reference (TOR) for each initiative outlining the roles, responsibilities, policies, and procedures to ensure effective management and oversight of cybersecurity initiatives.

·       A detailed plan for allocating human, financial, and technological resources efficiently to support the CSCoE’ s objectives and activities

·       Progress tracking reports and dashboards.

·       Support Bank to coordinate with various internal and external stakeholders for premise setup and CSCoE go-live.

e.      ROLES & RESPONSIBILITIES OF THE CONSULTANCY RESOURCES

Think, Build and Run: Center of Excellence

1.       Business case development

a.      Resource requirement analysis

·       Determine the resources required to establish and operate the CSCoE, including personnel, technology, infrastructure, and training.

·       Identify potential internal and external resources that can be leveraged to support the CSCoE.

·       Assistance in recruiting personnel from the market. This would include conducting tests, interviews etc.

b.      Process Design

·       Define and document the core processes for the CSCoE, startup incubation center, capability building, research and development, knowledge repository, empowering awareness, innovative product development, risk assessment, relationship management, and ongoing support. Tailor these processes to the specific needs of Cyber Security.

·       Study & benchmark best practices and industry standards from Global leaders in this space.

·       Create clear roles and responsibilities for all stakeholders involved in the CSCoE.

·       Suggest operational processes for the CSCoE, covering the entire project lifecycle from origination to evaluation, approval, monitoring, and other activities.

c.      Operational Impact Assessment

·       Evaluate the potential operational benefits of the CSCoE, such as improved process efficiency, enhanced quality, and increased productivity.

·       Identify potential disruptions or challenges and to develop plans to mitigate these challenges to ensure a resilience and smooth operation.

d.      Expected Outcomes and Benefits

·       Identify the key performance indicators (KPIs) that will be used to track the CSCoE's

success.

·       Outline the expected benefits of the CSCoE to the organization, such as improved competitiveness, enhanced innovation, and increased customer satisfaction.

e.       Success metrics

·       Design and develop interactive dashboards to visualize the defined KPIs. These dashboards will provide real-time insights to management and other stakeholders about CSCoE's performance and facilitate data-driven decision-making. The dashboards will be designed for different stakeholder groups (e.g., management, CSCoE team) and will provide varying levels of detail.

2.       Strategic Partnership Development and Ecosystem Engagement

a.       Identification and Engagement: Identify and engage with leading academic institutions, Cyber Security experts, research groups, Regulatory & Statutory bodies and other industry bodies in the Cyber/ Information Security.

b.      Strategic Partnerships: Facilitate the establishment of formal partnerships (MoUs, collaborative agreements) with relevant financial institutions, and industry associations. This includes defining partnership terms, mutual benefits, and collaborative activities.

c.       Research Expenditure Strategy: Develop a comprehensive strategy for expenditure of research initiatives which include:

o  Designing a transparent and rigorous proposal evaluation process

o  Establishing clear guidelines for research project management and reporting.

d.      International Collaboration: Develop a plan for collaboration with international financial institutions and research organizations. This includes identifying potential partners, exploring joint research opportunities, and facilitating knowledge exchange.

e.      Foster Strategic Alliances: Continuously support the CSCoE in identifying, developing, and managing strategic partnerships with key players in the identified the sector, including technology providers, research institutions, industry associations, and potential clients. This may involve facilitating introductions, organizing joint events, or developing collaborative initiatives.

f.        Promote Industry Engagement: Represent the CSCoE at industry events, conferences, and forums to network with key stakeholders, promote the CSCoE's capabilities and expertise, and stay informed about industry trends and developments.

g.       Organize Knowledge Sharing Events / Knowledge Exchange: Plan and execute conferences, workshops, and webinars to disseminate knowledge and best practices to a wider audience, including clients, industry partners, and other stakeholders.

3.       Market Research and Industry Analysis

a.       Industry Trend Mapping: Conduct in-depth research of the Cyber Security sector and market trends, including:

·       Technological advancements and innovation

·       Regulatory development and policy landscape

·       Emerging opportunities and challenges

·       Environmental, social and governance (ESG) considerations

b.      Competitive Landscape Analysis: Assess the competitive dynamics to identify key players, emerging technology & tools in Cyber Security

c.      Best Practices Benchmarking:

Research and analyze global best practices:

·       Identify successful case studies and lessons learned for various Cyber-attacks on financial and non-financial institutions

·       Benchmark against leading industry players and innovators

·       Tools, Technology and Process benchmarking from BFSI perspective

·       Analyze how the bank can adapt and adopt best practices to improve its Cyber Security landscape and related offerings

d.      Networking and Outreach: Organize events, conferences, and workshops to foster networking and collaboration among stakeholders in the sector

e.       Branding and Communication: Develop a branding and communication strategy for the CSCoE to raise its visibility and establish its reputation as a leading knowledge hub. This includes developing marketing materials, engaging with media outlets, and managing social media presence.

4.       Repository Setup and Knowledge Enhancement

a.      Knowledge Creation

·       Develop and maintain a comprehensive knowledge repository, capturing key insights, research findings, industry reports, and best practices. Regularly update this repository with new information and ensure its accessibility and usability for CSCoE staff and relevant stakeholders.

·       This includes curating relevant content, audio, video, Episodes publishing research reports, and hosting webinars and online forums regarding Cyber Security.

·       Research and compile relevant materials that provide comprehensive insights into sector trends, challenges, methodologies, risk assessment, and innovations.

·       Develop and maintain a comprehensive knowledge repository accessible to all team members which includes training modules and relevant material such as presentations, quizzes, manuals etc.).

b.      Knowledge Platform: Develop a platform (e.g., website, online portal) for disseminating knowledge and research findings related to the identified the sector.

c.      Training Program:

·       Facilitate workshops and knowledge-sharing sessions with the bank's team and other stakeholders.

·       Develop and deliver training programs for internal teams to enhance their capabilities in terms of sector trends, challenges, methodologies, risk assessment, project appraisal, underwriting standards, and regulatory compliance.

·       Knowledge exchange with Industry stakeholders, national and international institutions, Government and Statutory bodies & Academia.

·       Bring in guest speakers or industry experts to deliver specialized content or provide real-world insights. Arrange Q&A sessions to deepen participants' understanding of specific challenges. This includes developing a roster of trainers and establishing clear guidelines for their involvement.

d.      Facilitate Continuous Professional Development:

Design and deliver targeted training programs, workshops, seminars, and webinars ensuring CSCoE staff and bank personnel remain up to date with industry best practices, emerging technologies, and evolving market dynamics

e.      Training Calendar:

Comprehensive month-wise & sector wise training/webinar/seminar schedule for a period of one year.

f.        Training Delivery Methodology: Mix of face-to-face sessions with virtual webinars.

g.       Interactive Platforms: Use an interactive platform to facilitate training, allowing employees to participate in discussions, ask questions, and share insights during the session. Encourage feedback surveys to keep track of engagement and make improvements

h.      Repository Updation: Regularly update knowledge repository with new information and ensure its accessibility and usability for CSCoE staff and relevant stakeholders.

5.       Technology Integration and Implementation Support

a.       Digital Enablement

·       Identify the digital elements required to be developed or procured and best practices of competitors shall be analyzed for optimum utilization of available tools and define new functionalities wherever required. Such suggestions must be in line with the current technology infrastructure as well as the to-be operating model and value propositions suggested for building a future ready CSCoE.

·       Provide support to conduct discussions with bank’s technology team, technology and data providers / vendors that can help implement or integrate the solutions suggested as part of this exercise.

b.      Technology Scouting

·       Identify and evaluate advanced technologies (AI, blockchain, machine learning) that can be integrated into the CSCoE's operations.

·       Assess the potential benefits and risks of implementing these technologies.

·       Develop a roadmap for technology adoption and integration.

·       Cost benefit analysis

c.      Pilot Projects

·       Assist in identifying and structuring pilot projects in the sector to test and refine the CSCoE’s processes, service offerings, and technology infrastructure. Define clear objectives and success criteria for the pilot.

·       Support the execution of the pilot program, closely monitoring performance and gathering feedback.

d.      Execution and rollout

·       Develop a comprehensive launch plan for the CSCoE, including communication strategies, training programs, and resource allocation.

·       Provide hands-on support in executing the CSCoE's operations and scaling the processes across the bank.

·       Establish a framework for continuous improvement, including mechanisms for gathering feedback, analyzing data, and identifying areas for optimization.

6.       Development – Platform, models and framework

a.      Start-up Incubation Center:

·       Incubation centre should empower start-ups with unrivalled access to resources, enabling them to unlock their potential & scale business value.

·       Expanding industry impact beyond physical boundaries through virtual incubation, connecting and supporting cybersecurity/privacy start-ups worldwide.

·       Research and Development:

To promote research and development in cybersecurity, supporting initiatives that push the boundaries of what's possible in this field. Nurture research in cybersecurity and privacy, promoting innovation, and driving the development of cutting-edge solutions.

b.      Innovative Solutions

Suggest impactful and innovative solutions within the cybersecurity domain to strengthen cybersecurity, focusing on such as BFSI, government departments etc.

c.      Threat assessment center

It should encompass several key areas: vulnerability and threat identification, threat intel, deep and dark web analysis, risk assessment, mitigation strategies, and ongoing monitoring. This includes analyzing cyber security posture, recommending solutions, and ensuring compliance with relevant standards and regulations. The key considerations are –

a. Cyber Security Posture Assessment

b. Vulnerability and Threat Identification

c. Threat Intelligence

d. Technical and Vulnerability Assessments

e. Risk Assessment

f. Ongoing Monitoring

g. Incident Response and Crisis Management

h. Mitigation Strategies

d.      Forensic Lab Setup

Support in building a state-of-the-art cyber forensics lab, ensuring it's designed to meet the specific needs of the organization, compliant with legal and regulatory standards, and equipped with the right tools and resources. Provide guidance on best practices, software, hardware, develop SOPs and procedures for evidence collection, preservation, and analyzing digital evidence to maintain its integrity and chain of custody. Provide advice to legal team to navigate the complexities of digital evidence, ensuring compliance with legal rules and court requirements.

e.      Incident Response

A capability setup for the purpose of assisting in responding to cyber security incident. Building an elite team of cybersecurity experts who create unparalleled capabilities to address the entire cyber incident life cycle, from incident response readiness assessments to post-incident remediation. Develop the core skills such as triage, digital forensics, malware reverse engineering and remediation.

f.        Advisory Council

Provide expert guidance on council structure, membership, and governance. Help to identify suitable members, define the council's purpose and responsibilities, support the council’s operation, derive the mechanism to evaluate the performance and develop a plan for effective operation and communication. Additionally, support the council in developing strategies, conducting research, and analyzing data to inform decision-making

g.       Regulatory and Cyber Security framework

Develop a framework incorporating emerging standards and best practices being followed in the industry globally. The framework should:

·       Advise on how to navigate regulatory challenges with evolving policies.

·       Ensure compliance with all relevant regulations and standards.

h.      Risk assessment models

·       Develop comprehensive risk evaluation models covering a wide range of risks, along with their mitigations, including:

·       Technology Risk: Assessing the risks associated with technological advancements and disruptions.

·       Operational Risk: Evaluating operational risks such as cyber fraud, cyberattacks, and other disruptions.

·       Regulatory Risk: Assessing the impact of changing regulations and compliance requirements.

·       Environmental Risk: Evaluating environmental risks such as climate change, pollution, and resource depletion.

·       The models should incorporate quantitative and qualitative data analysis techniques.

·       Develop clear and concise risk scoring methodologies and thresholds

7.       Policy advocacy and best practices

a. Policy Landscape Analysis: Conduct a thorough analysis of existing policies and regulations related to the sector. Identify gaps, challenges, and opportunities for improvement.

b. Policy Recommendations: Develop specific policy recommendations for promoting growth and innovation in the sector. This includes recommendations related to due diligence processes, investment criteria, risk mitigation strategies, and regulatory frameworks.

c. Stakeholder Engagement: Engage with policymakers, regulators, and industry stakeholders to advocate for the adoption of these recommendations. This could include preparing policy briefs, organizing workshops, and participating in consultations.

d. Due Diligence Framework: Develop a comprehensive due diligence framework for investments and projects in new age the sector, including criteria for evaluating potential risks and opportunities.

8.       Sustaining excellence

a.       Assist in CSCoE operations, Monitor CSCoE success and need based modifications.

b.      Others: Any other work as deemed fit by the Bank for setting up and running of the CSCoE.

Educational Qualification

• M. Tech/ MCA/ B.E./B. Tech.
• CISA/CISSP/ CISM / OSCP

Location and way of working

• Base location: Bangalore

Your role as Leader

We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society.

In addition to living our purpose, Senior Executive across our organization must strive to be:

• Inspiring - Leading with integrity to build inclusion and motivation
• Committed to creating purpose - Creating a sense of vision and purpose
• Agile - Achieving high-quality results through collaboration and Team unity
• Skilled at building diverse capability - Developing diverse capabilities for the future
• Persuasive / Influencing - Persuading and influencing stakeholders
• Collaborating - Partnering to build new solutions
• Delivering value - Showing commercial acumen
• Effective communication – Must be well abled to have well-structured and well-articulated conversations to achieve win-win possibilities
• Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s)
• Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte

How you’ll grow

Connect for impact

Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report.

Empower to lead

You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership.

Inclusion for all

At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters.

Drive your career

At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte.

Everyone’s welcome… entrust your happiness to us                                                                                                 

Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you.  

Interview tips

We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.

*Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices.

At Deloitte, ethics and integrity are fundamental and not negotiable.  We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process.  We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of

Deloitte is permitted to offer or confirm any job offer from Deloitte.  We advise career aspirants to exercise caution.

In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_