RFA - Cyber - Operate - LSA - TPCRS

Job title: Third Party Cyber Risk Services– Senior Consultant (Solution Delivery Lead)

About

At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte's clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security.

By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today's world by organizations across a range of industry sectors and become subject matter experts in those areas.

Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte's clients'most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions.

The Team

Cyber & Strategic Risk

We help organizations create a cyber-minded culture, reimagine risk to uncover strategic opportunities, and become faster, more innovative, and more resilient in the face of ever-changing threats. We provide intelligence and acuity that dynamically reframes risk, transcending a manual, reactive paradigm.

Third Party Risk Management (TPRM) capability is part of the wider Cyber & Strategic Risk portfolio within Deloitte Risk and Financial Advisory. The TPRM team is focused on helping our clients identify and manage the cyber risks arising from their association with third parties or service providers. We help our clients to define their overall third-party cyber risk strategy, design and implement enterprise-wide programs and technology that focus on identifying and reducing risks; help them evaluate their objectives, priorities, strengths and weaknesses and roll out large scale organizational changes to achieve goals.

Work you'll do

As a professional working for Third Party Risk Management (TPRM) team, you'll build and nurture positive working relationships with clients with the intention to exceed client expectations. You'll:

• Assist in the selection and tailoring of third party cyber risk management approaches, methods and tools to support delivery of third party cyber risk assessment services
• Assist clients in developing their third party risk management programs, such as risk tiering methodology, risk assessment process flows, risk assessment questionnaires, and reports
• Perform third party risk assessments to help clients identify and evaluate complex business and technology risks related to third parties, and provide recommendations for managing those risks
• Participate in project management activities such as leading status calls, risk and issue management, escalations, invoicing, etc.
• Provide periodic updates about status of work assigned to the project manager
• Mentor new assessors on tools and methodology to conduct cyber risk reviews and demonstrate good understanding of client specific cyber security policy and procedures
• Update project manager on potential risks and delays to the project delivery
• Generate innovative ideas and challenge the status quo
• Facilitate use of Deloitte tools and methodologies to review, design and/or implement third party cyber risk services
• Identify opportunities to improve operational excellence
• Support project managers in sales pursuits and proposals and assist in building practice eminence
• Participate in and actively support mentoring relationships within practice
• Assist in the selection and tailoring of third party cyber risk management approaches, methods and tools to support delivery of third party cyber risk assessment services
• Assist clients in designing and developing their third party risk management programs, such as risk tiering methodology, risk assessment process flows, risk assessment questionnaires, and reports
• Perform third party risk assessments to help clients identify and evaluate complex business and technology risks related to third parties, and provide recommendations for managing those risks
• Participate in project management activities such as leading status calls, risk and issue management, escalations, invoicing, etc.
• Provide periodic updates about status of work assigned to the project manager
• Mentor new assessors on tools and methodology to conduct cyber risk reviews and demonstrate good understanding of client specific cyber security policy and procedures
• Update project manager on potential risks and delays to the project delivery
• Generate innovative ideas and challenge the status quo
• Facilitate use of Deloitte tools and methodologies to review, design and/or implement third party cyber risk services
• Identify opportunities to improve operational excellence
• Support project managers in sales pursuits and proposals and assist in building practice eminence
• Participate in and actively support mentoring relationships within practice

Required skills

• 5 - 7 years of information security experience
• Excellent verbal and written communication
• Excellent understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.)
• Excellent knowledge of key risk areas such as cyber risk, compliance risk and regulatory risk
• Strong knowledge and deep expertise in multiple areas of cyber security and how it impacts the overall business and IT objectives and priorities. Some areas include (not limited to):

o Cyber risk strategy

o Cyber risk program management and delivery

o Cyber security operations

o Security architecture

o Data protection

o Application security/SDLC

o Third party risk management

o Cloud security

o Cyber Threat Intelligence

o Security Operations Center

o Incident Response

o Cyber Resilience

• Understanding and knowledge of industry standards and industry frameworks (e.g., COBIT, COSO, ISO 27001, PCI, NIST)
• Demonstrate a general knowledge of market trends, competitor activities, Deloitte & Touche products and service lines
• Should be a good team player with excellent networking skills
• Excellent inter-personal skills
• Willingness to work in shifts

Preferred skills

• CISSP / CISA (or equivalent)
• Good understanding of legal and regulatory requirements around information security and data privacy such as OCC Bulletin 29, FFIEC, HIPAA Security/Privacy, etc.
• 1+ years of project management experience on mid to complex projects required
• Prior consulting experience
• Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing

Qualification

• Bachelor's/Master's degree in information technology or related field

Our purpose

Deloitte's purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.

Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.

Professional development

At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India.

Benefits to help you thrive

At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you.

Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code: 301317