Technology Risk Senior Analyst – CL3

This role will serve as a technology risk Sr Analyst within the Independent IT Risk Function. This individual support Technology Risk Management activities across several technology risk domains and environments. This position will support the gathering and where possible, pre-population of information shared in responding to global cross border and non-cross border client and regulator information security inquiries (via member firms) and member firm (MF) assurance requirements (e.g., information security inquiries, questionnaires, assessments, audits). In addition, this individual will support the Technology Risk Manager in monitoring and helping align First Line of Defense (1LOD) audit and certifications activities with client, regulator, and MF expectations to help ensure the right outcomes. This will be facilitated through a global delivery team model, tasked with the coordination and completion of these security inquiries. The Senior Analyst’s role will involve the pre-population of answers to information security questions/inquiries regarding Deloitte’s security, privacy, and disaster recovery/business continuity programs.

Work you’ll do

• Fulfill member firm and client, regulatory and audit-related information security requests as assigned through the combination of global central service and a global delivery team.
  • Responsible for identifying, gathering, and pre-populating responses to questions/inquiries using one or more Standard Answer Banks (SABs).
  • Responsible for selecting relevant and valid security and assurance statements according to the specific inquiry and submitting these to the respective Client Security Lead.
  • Responsible for identifying the remaining questions that cannot be pre-populated by Junior Analysts (where applicable) and whether consultation is needed with the Client Security Lead.
  • Connecting with the Client Security Leads/Subject Matter Experts to improve delivery quality.
  • Responsible for highlighting issues found in the Standard Answer Banks (SABs) and illustrating where changes are necessary.
  • SAB maintenance (e.g., following up with owners on expired answers and if they need updating).
• Support the Technology Risk Manager in activities related to information security inquiries, including:
  • Analyzing and evaluating client, regulator and member firm information security requests, assessments, and audits; and
  • Gathering data and refinement activities using the global delivery team.
• Support the Technology Risk Manager for the monitoring of audits and certifications:
  • Assist with monitoring and providing input on the planning (scope, timing, etc.) of audits and certifications to align with anticipated needs of clients, regulators and MFs; and
  • Assist with manage the completion of audit and certification coordination activities (scoping, data and evidence gathering, refinement, etc.) and facilitate staff as they analyze and evaluate various requests.
• Demonstrate and apply strong project management skills, inspire teamwork and responsibility with team members, and use current technology and tools to enhance the effectiveness of deliverables and services.
• Supports initiatives to educate technology functions on technology risk management requirements according to regulatory requirements, firm policy, data classification, client commitments, etc.
• Demonstrate and apply a thorough understanding of technology trends to identify issues and communicate this information to the management team through written correspondence and verbal presentations.
• Performs other job-related duties as assigned by the Manager within the Independent IT Risk function, Client/Regulator Inquiries & Audit Oversight team.

The team

The Cyber Security team works behind the scenes to protect Deloitte practitioners as well as information assets at Deloitte. We take this protective role very seriously, while simultaneously ensuring Deloitte meets client, legal, and regulatory requirements.

Qualifications

Education

• Bachelor’s degree or higher in a technology related field or a relevant IT security certification (if non-technical degree) or an equivalent experience.

Work experience

• Three (3) to five (5) years demonstrated experience in applying leading practices in a large-scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.

• Proficient English skills in reading and writing, and the ability to understand nuances.
• Good knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management
• Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.) and Unified Compliance Framework (UCF).
• Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
• Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
• Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.
• Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) senior management
• Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.

• One or more of CISA, CIA, CISM, CISSSP, CGEIT, ISO 27001/2 or similar certifications preferred but equivalent knowledge will be considered.

Work Location:

APAC – Hyderabad

Shift:

11:00am – 8:00pm

How you’ll grow

At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities— including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in exactly the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, worldclass learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte’s culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.