Deputy Manager | Risk Assessment and Management | Pune | Cyber Strategy & Transformation
Deloitte
5 - 8 years
Pune
Posted: 01/09/2025
Job Description
Develop, implement, and manage a comprehensive risk management program to identify, assess, and mitigate cybersecurity risks across IT/IS systems and processes.- Continuously monitor the risk landscape, ensuring effective implementation and maintenance of mitigation strategies, while reporting on compliance with relevant laws, regulations, and industry standards.- Lead audits and assessments to verify cybersecurity compliance, providing remediation guidance for identified gaps, and staying up to date with regulatory changes.- Implement and maintain cybersecurity controls and frameworks, including NIST CSF, NIST 800-53, ISO/IEC 27001,ensuring alignment with industry standards and organizational needs.- Manage the organizations ISO/IEC 27001 certification process, including the development and maintenance of an Information Security Management System (ISMS), conducting internal audits, gap analyses, and preparing for external audits.Support the client CISO and CIO function in developing IT/IS control library for Access management, Cloud security, Data and Records, Security and monitoring, Data Privacy, vulnerability Management etc.Design and execute IT/IS controls testing strategies to evaluate the design adequacy and operating effectiveness of controls.Review policies, procedure and key operating documents and assist in rationalize the controls for review to identify potential treatment for Control Definitions based where controls remain, then these will flow into the control design adequacy assessment process to uplift the IT/IS control definition documentation.Design, document, and regularly update a cybersecurity control framework that complies with relevant industry standards and regulatory requirements (e.g., NIST, ISO/IEC 27001, CIS, PCI DSS, RBI, SEBI, IRDA, DPDPA, GDPR, DORA).- Conduct workshops with senior stakeholders to appraise them of cybersecurity frameworks and control requirements, ensuring continuous improvement of the organizations cybersecurity posture. Qualifications:- Bachelors degree in information technology, Computer Science, or a related field (or equivalent experience).- 5-8years of relevant experience in information security, cyber security compliance, risk assessment or a similar role- Good understanding of IT and IS control frameworks ( NIST, COBIT, ITIL, CSF, ISO 27001, ITIL, COSO etc.)- Good understanding and Indian and global cyber security regulations- Excellent communication and documentation skills.- Ability to work independently and as part of a team.- Experience with risk management, compliance, and audit processes.- Mandatory Certifications: ISO27001:2022, CISA, CISM, CRICS- Preferred Certifications:CISSP.
About Company
Deloitte is a global professional services firm that provides a wide range of services, including audit and assurance, consulting, tax, risk management, and financial advisory. With a presence in over 150 countries and a network of member firms, Deloitte serves clients across various industries, helping them solve complex business challenges, improve operations, and innovate. Known for its expertise in management consulting, technology solutions, and strategy, Deloitte is one of the Big Four accounting firms and is recognized for its commitment to quality, integrity, and making an impact in the marketplace.
Services you might be interested in
File Your ITR Now
Don’t wait for the deadline to stress you out!
Smart, fast, and reliable ITR filing for 2024-25. Submit your details today.