Technology Risk Senior Analyst – CL3

This role will serve as a technology risk Sr Analyst within the Independent IT Risk Function. This individual support Technology Risk Management activities across several technology risk domains and environments. This position will support the gathering and where possible, pre-population of information shared in responding to global cross border and non-cross border client and regulator information security inquiries (via member firms) and member firm (MF) assurance requirements (e.g., information security inquiries, questionnaires, assessments, audits). In addition, this individual will support the Technology Risk Manager in monitoring and helping align First Line of Defense (1LOD) audit and certifications activities with client, regulator, and MF expectations to help ensure the right outcomes. This will be facilitated through a global delivery team model, tasked with the coordination and completion of these security inquiries. The Senior Analyst’s role will involve the pre-population of answers to information security questions/inquiries regarding Deloitte’s security, privacy, and disaster recovery/business continuity programs.

Work you’ll do

Operational responsibilities of this role will include one or more of the following:

Fulfill member firm and client, regulatory and audit-related information security requests as assigned through the combination of global central service and a global delivery team.
- Responsible for identifying, gathering, and pre-populating responses to questions/inquiries using one or more Standard Answer Banks (SABs).
- Responsible for selecting relevant and valid security and assurance statements according to the specific inquiry and submitting these to the respective Client Security Lead.
- Responsible for identifying the remaining questions that cannot be pre-populated by Junior Analysts (where applicable) and whether consultation is needed with the Client Security Lead.
- Connecting with the Client Security Leads/Subject Matter Experts to improve delivery quality.
- Responsible for highlighting issues found in the Standard Answer Banks (SABs) and illustrating where changes are necessary.
- SAB maintenance (e.g., following up with owners on expired answers and if they need updating).
Support the Technology Risk Manager in activities related to information security inquiries, including:
- Analyzing and evaluating client, regulator and member firm information security requests, assessments, and audits; and
- Gathering data and refinement activities using the global delivery team.
Support the Technology Risk Manager for the monitoring of audits and certifications:
- Assist with monitoring and providing input on the planning (scope, timing, etc.) of audits and certifications to align with anticipated needs of clients, regulators and MFs; and
- Assist with manage the completion of audit and certification coordination activities (scoping, data and evidence gathering, refinement, etc.) and facilitate staff as they analyze and evaluate various requests.
Demonstrate and apply strong project management skills, inspire teamwork and responsibility with team members, and use current technology and tools to enhance the effectiveness of deliverables and services.
Supports initiatives to educate technology functions on technology risk management requirements according to regulatory requirements, firm policy, data classification, client commitments, etc.
Demonstrate and apply a thorough understanding of technology trends to identify issues and communicate this information to the management team through written correspondence and verbal presentations.
Performs other job-related duties as assigned by the Manager within the Independent IT Risk function, Client/Regulator Inquiries & Audit Oversight team.

The team

The Cyber Security team works behind the scenes to protect Deloitte practitioners as well as information assets at Deloitte. We take this protective role very seriously, while simultaneously ensuring Deloitte meets client, legal, and regulatory requirements.

Qualifications

Education

Bachelor’s degree or higher in a technology related field or a relevant IT security certification (if non-technical degree) or an equivalent experience.

Work experience

Three (3) to five (5) years demonstrated experience in applying leading practices in a large-scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.

Required Skills/abilities

Proficient English skills in reading and writing, and the ability to understand nuances.
Good knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management
Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.) and Unified Compliance Framework (UCF).
Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.
Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) senior management
Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.

Effective relationship-building, communication, presentation, and interpersonal skills.
Highly disciplined, with strong organizational abilities.
Ability to multi-task, prioritize work and work independently.
Possess exceptional level of integrity and customer focus.

Required Licensed or certifications

One or more of CISA, CIA, CISM, CISSSP, CGEIT, ISO 27001/2 or similar certifications preferred but equivalent knowledge will be considered.

Work Location:

APAC – Hyderabad

Shift:

11:00am – 8:00pm

How you’ll grow

At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities— including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in exactly the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, worldclass learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte’s culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.

Recruiting tips

Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters.

Benefits

We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Learn more about what working at Deloitte can mean for you.

Our people and culture

Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Be inspired by the stories of our people.

Our purpose

Deloitte’s purpose is to make an impact that matters for our clients, our people, and in our communities. We are creating trust and confidence in a more equitable society. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. We are focusing our collective efforts to advance sustainability, equity, and trust that come to life through our core commitments. Learn more about Deloitte's purpose, commitments, and impact.

Professional development

You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people.

Requisition code: 132297

Suggested Searches