Job Title: Deputy Manager | Risk Management | Pune | Cyber Strategy & Transformation

• Job requisition ID : 105622
• Location: Pune
• Entity: Deloitte Touche Tohmatsu India LLP
The team
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Learn more about Cybersecurity.
Your work profile
- Conduct Third-Party Risk Management (TPRM) assessments and cybersecurity compliance reviews for vendors and internal systems.
- Perform inherent and residual risk assessments across cybersecurity, operational, regulatory, and data privacy domains.
- Evaluate vendor security posture through questionnaires, interviews, audit reports, and evidence reviews.
- Assess compliance against frameworks and regulations such as ISO 27001, NIST, PCI-DSS, SOC 2, DORA, GDPR, RBI Cyber Security Framework, and internal policies.
- Conduct gap assessments to identify control deficiencies, compliance gaps, and cybersecurity risks.
- Review security policies, procedures, standards, and technical control implementations.
- Track remediation plans and validate closure of identified findings and risks.
- Support internal audits, external audits, client assessments, and regulatory inspections.
- Monitor third-party security incidents, emerging cyber risks, and regulatory updates impacting the organization.
- Ensure adherence to enterprise risk management, cybersecurity governance, and compliance standards.
- Contribute to continuous improvement of TPRM, cyber governance, and compliance assessment methodologies and processes.
Key skills required:
- 8+ years of experience in IT Risk, Cybersecurity, or Technology Controls
- Coordinate vendor onboarding, due diligence, periodic reassessments, and remediation tracking activities.
- Analyze and validate cybersecurity controls related to IAM, vulnerability management, endpoint security, encryption, logging, backup, and incident response.
- Collaborate with procurement, legal, compliance, IT, security, and business stakeholders for risk evaluations and evidence collection.
- Maintain risk registers, assessment documentation, compliance trackers, and audit artifacts.
- Prepare assessment reports, risk summaries, dashboards, and management presentations.
- Bachelor's in Technology (B.Tech) / Computer Science
