Job Title: T&T | Cyber: Cyber Strategy & Transformation | Deputy Manager | Risk Controls | Pune
The Team
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embedding cyber risk at the start of strategy development enables more effective management of information and technology risks.
Your work profile
This role conducts independent, comprehensive assessments of the management, operational, and technical security controls (and control enhancements) employed within or inherited by an information technology and information security (IT/IS) system, to determine the overall effectiveness of IT, cyber, AI and cloud controls. Responsibilities include, but are not limited to:
- Support the client CISO and CIO functions in developing an IT/IS control library covering access management, cloud security, data and records, security monitoring, data privacy, vulnerability management, etc.
- Design and execute controls testing strategies to evaluate the design adequacy and operating effectiveness of controls.
- Review the testing approach and document the associated processes.
- Develop methods to monitor and measure risk, compliance, and assurance efforts.
- Create test plans, test scripts, etc. to support the delivery of controls assurance objectives.
- Prepare detailed testing documentation, workpapers and reports to highlight findings and recommendations.
- Collaborate with various departments for control walkthroughs, sampling, evidence collection etc.
- Maintain up-to-date knowledge of industry standards and best practices related to controls testing.
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
- Review the client's existing risk control testing approach and methodology to identify areas for improvement based on IT risk and control frameworks and industry good practices.
- Develop templates to facilitate control testing, and the documentation and reporting of control testing outputs, in line with the refined control testing approach and methodology.
- Liaise with designated stakeholders to identify the prioritized set of controls and document repeatable test scripts for testing the design effectiveness ("DE") and operating effectiveness ("OE") of prioritized IT and IS controls.
- Review policies, procedures and key operating documents, and assist in rationalizing the controls under review to identify the appropriate treatment for each control definition; the controls that remain in scope then flow into the control design adequacy assessment process, uplifting the IT/IS control definition documentation.
- Perform control design adequacy assessments to identify controls that require remediation as well as those that comply with industry good practices (such as COBIT or NIST).
Key Skills Required
- Bachelor's degree (or equivalent experience) with a minimum of 6-8 years of experience in IT/IS risk and control testing and in risk and compliance, preferably with global banking clients.
- ISO 27001, CRISC or CISA certification is mandatory; CISSP certification is desirable.
- Information Systems/Network Security
- Understanding of NIST, ISO, COBIT or equivalent cyber security framework.
- Information Technology Assessment and Risk Management
- Knowledge of Internal control concepts (e.g., Preventive Controls; Detective Controls; Anti-Fraud Controls; etc.)
- Strong understanding of regulatory requirements and industry best practices related to controls assurance relevant to global banking risks, such as Information Technology (IT), Information Security (IS) and/or Data Management.
- Experience operating in a regulated environment and managing stakeholders across the Three Lines of Defense.