Technology Risk Senior Analyst – CL3 for Deloitte in APAC – Hyderabad (salary not disclosed)
This role will serve as a technology risk Sr Analyst within the Independent IT Risk Function. This individual support Technology Risk Management activities across several technology risk domains and environments. This position will support the gathering and where possible, pre-population of information shared in responding to global cross border and non-cross border client and regulator information security inquiries (via member firms) and member firm (MF) assurance requirements (e.g., information security inquiries, questionnaires, assessments, audits). In addition, this individual will support the Technology Risk Manager in monitoring and helping align First Line of Defense (1LOD) audit and certifications activities with client, regulator, and MF expectations to help ensure the right outcomes. This will be facilitated through a global delivery team model, tasked with the coordination and completion of these security inquiries. The Senior Analyst’s role will involve the pre-population of answers to information security questions/inquiries regarding Deloitte’s security, privacy, and disaster recovery/business continuity programs.
Work you’ll do
Operational responsibilities of this role will include one or more of the following:
- Fulfill member firm and client, regulatory and audit-related information security requests as assigned through the combination of global central service and a global delivery team.
- Responsible for identifying, gathering, and pre-populating responses to questions/inquiries using one or more Standard Answer Banks (SABs).
- Responsible for selecting relevant and valid security and assurance statements according to the specific inquiry and submitting these to the respective Client Security Lead.
- Responsible for identifying the remaining questions that cannot be pre-populated by Junior Analysts (where applicable) and whether consultation is needed with the Client Security Lead.
- Connecting with the Client Security Leads/Subject Matter Experts to improve delivery quality.
- Responsible for highlighting issues found in the Standard Answer Banks (SABs) and illustrating where changes are necessary.
- SAB maintenance (e.g., following up with owners on expired answers and if they need updating).
- Support the Technology Risk Manager in activities related to information security inquiries, including:
- Analyzing and evaluating client, regulator and member firm information security requests, assessments, and audits; and
- Gathering data and refinement activities using the global delivery team.
- Support the Technology Risk Manager for the monitoring of audits and certifications:
- Assist with monitoring and providing input on the planning (scope, timing, etc.) of audits and certifications to align with anticipated needs of clients, regulators and MFs; and
- Assist with manage the completion of audit and certification coordination activities (scoping, data and evidence gathering, refinement, etc.) and facilitate staff as they analyze and evaluate various requests.
- Demonstrate and apply strong project management skills, inspire teamwork and responsibility with team members, and use current technology and tools to enhance the effectiveness of deliverables and services.
- Supports initiatives to educate technology functions on technology risk management requirements according to regulatory requirements, firm policy, data classification, client commitments, etc.
- Demonstrate and apply a thorough understanding of technology trends to identify issues and communicate this information to the management team through written correspondence and verbal presentations.
- Performs other job-related duties as assigned by the Manager within the Independent IT Risk function, Client/Regulator Inquiries & Audit Oversight team.
The Cyber Security team works behind the scenes to protect Deloitte practitioners as well as information assets at Deloitte. We take this protective role very seriously, while simultaneously ensuring Deloitte meets client, legal, and regulatory requirements.
- Bachelor’s degree or higher in a technology related field or a relevant IT security certification (if non-technical degree) or an equivalent experience.
- Three (3) to five (5) years demonstrated experience in applying leading practices in a large-scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.
- Required Skills/abilities
- Proficient English skills in reading and writing, and the ability to understand nuances.
- Good knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management
- Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.) and Unified Compliance Framework (UCF).
- Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
- Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
- Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.
- Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) senior management
- Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
- Effective relationship-building, communication, presentation, and interpersonal skills.
- Highly disciplined, with strong organizational abilities.
- Ability to multitask, prioritize work and work independently.
- Possess exceptional level of integrity and customer focus.
Required License or certifications
- One or more of CISA, CIA, CISM, CISSSP, CGEIT, ISO 27001/2 or similar certifications preferred but equivalent knowledge will be considered
Work Location: APAC – Hyderabad
Shift: 11:00am – 8:00pm
For more info. or to apply:https://theucf.info/MgKQRK