Job Title: Associate Director | Risk Management | Pune | Cyber Strategy & Transformation
Cyber: Strategy & Transformation | Risk Management | Pune / Hyderabad
India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting-edge leaders and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, bring your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters.
The Deloitte
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.
Your Team
Security is a global organization within Group Technology Infrastructure and Security Engineering. Our services focus on access management for applications and infrastructure, identity management for users and directories, detective and preventive measures for cyber threats, and secure exchange and storage of data. We provide consolidated and reliable security services that implement secure design principles and create best-fit solutions.
As an expert in ISE Security and Internet Technologies, you will be part of our team in Pune and will work closely with the internal project team. The team is responsible for access management for applications used across the organization. Our team is global, diverse and collaborative as we work across organizations.
Key Responsibilities:
Do you want to design and build next-generation business applications using the latest technologies? Are you confident in iteratively refining user requirements and removing any ambiguity? Do you like to be challenged and encouraged to learn and grow professionally?
Primary Skills:
· GRC Framework Implementation – ISO 27001, NIST CSF, COBIT, COSO
· Enterprise Risk Management (ERM) – Risk assessments, risk register, KRIs
· Regulatory Compliance Management – SOX, GDPR, HIPAA, PCI DSS, DPDP, DORA, SEC Cyber
· Information Security Policies & Procedures – Design, implementation, and governance
· Internal & External Audit Management – Audit lifecycle, remediation, reporting
· Third-Party Risk Management (TPRM) – Vendor due diligence, assessments, contracts
· Team Leadership & Mentoring – Leading GRC teams and nurturing talent
· GRC Tools Expertise – RSA Archer, ServiceNow GRC, MetricStream
· Executive & Board Reporting – Dashboards, risk heatmaps, strategic insights
· Proposal Development & RFP/RFI Response – Business development support
· Stakeholder & Cross-functional Engagement – Cyber, IT, legal, audit, business
· Program & Project Management – End-to-end GRC initiative execution
Secondary Skills:
· Cybersecurity Awareness Programs – Designing and delivering awareness initiatives
· Change Management – Embedding risk-aware culture and process transformation
· Business Continuity & Disaster Recovery (BC/DR) – Alignment with GRC objectives
· Cloud Security Governance – Risk and compliance during cloud transformations
· Data Privacy Governance – Interpretation and implementation of privacy frameworks
· ITIL Framework Knowledge – IT operations and service management alignment
· Crisis & Incident Management Support – Advisory role during breaches or simulations
Education:
B.Tech/ BCOM
Certifications in cloud are preferred