Job Title:  T&T | Cyber: CST | Consultant | Risk Assessment and Management

Job requisition ID:  105100
Date:  May 27, 2026
Location:  Mumbai
Designation:  Consultant
Entity:  Deloitte Touche Tohmatsu India LLP

The Team 

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.

Your Work Profile 

As a part of our Cyber strategy team, you will build and nurture positive working relationships with teams and clients with the intention to exceed client expectations.

The Infrastructure / Network Audit Professional is responsible for planning and executing audits across network, security, and IT infrastructure environments to evaluate the design and operating effectiveness of controls. The role focuses on identifying risks, assessing regulatory and policy compliance, recommending remediation, and providing independent assurance over cybersecurity and infrastructure controls.

Plan and execute infrastructure and network security audits in line with industry standards (ISO 27001, NIST, CIS, COBIT, etc.).

Evaluate the adequacy and effectiveness of controls across network, security, cloud, and endpoint environments.

Perform risk assessments to identify control gaps, security vulnerabilities, and process weaknesses.

Conduct walkthroughs, control testing, and evidence validation.

Document audit observations with clear risk articulation and actionable recommendations.

Prepare audit reports and present findings to senior management.

 

 
Key Skills Required:

  • Network & Perimeter Security Audit: Assess firewall governance, IDS/IPS, WAF, VPNs, DDoS protections, and network segmentation to ensure secure architecture and effective control design.
  • Infrastructure Security Review: Evaluate server, database, and network device hardening, patch and vulnerability management, NAC controls, wireless security, and resilience mechanisms such as backup and recovery.
  • Endpoint, Data & Email Security: Review EDR/XDR effectiveness, DLP implementations, MDM compliance, and secure email gateway configurations to validate protection against data loss and advanced threats.
  • Identity & Privileged Access Controls: Audit IAM and PAM frameworks, including provisioning/deprovisioning, MFA, SSO, and privileged session governance.
  • Cloud Security & Compliance: Assess security configurations across cloud platforms (Azure/AWS/GCP), including access controls, logging, CASB, and SaaS governance, ensuring alignment with regulatory and industry standards.
  • B.E./B.Tech (Tier 1/2) or master’s degree in Information Security, Computer Science, or a related field.
  • Professional certifications such as CISSP, CISA, CISM, CRISC, ISO 27001 LA/LI are preferred.
  • 6-10 years of relevant experience in cybersecurity consulting, risk management, and compliance.
  • In-depth knowledge of security frameworks and standards (e.g., NIST, ISO 27001, COBIT).
  • Strong analytical, communication, and stakeholder management skills.