Cyber Risk Assistant Manager Assurance, Technology and Controls, Quality, Risk and Security

Job Description

Your opportunityThis is a fantastic opportunity for a result driven individual, who enjoys variety and challenge in their working day. You will be joining the Cyber Risk team within Deloitte Business Security (DBS) to help protect the firm, drive positive change and your own professional development in an ever changing, digitising and evolving cyber world.We encourage consideration of flexible ways of working, both formal and informal arrangements that allow for the best outcomes for our people and our clients. If this opportunity is of interest to you with some flexibility, please do discuss with us.Your roleThe role requires an in-depth understanding of information, technology and business security and risk. Successful candidates will be expected to demonstrate relevant experience working in a dynamic environment dealing with complex challenges, and communicating to all levels of the business. The role is within the Cyber Risk team which is an internal facing team and a part of the wider Deloitte Business Security team.• Understand the second line cyber risk services and support awareness, consultancy and delivery of the services across the business. Build and maintain relationships, provide Cyber Risk subject matter expertise to the wider DBS & Quality & Risk community, identifying and proactively improving key relationships with stakeholders in that community • Regularly engage with our first line information security team to understand the technology projects that they are assessing, keep the second line cyber risk team informed of these and upcoming technology changes to facilitate assurance planning • Support and perform assurance activities over the first line information security reviews of new project engagements, which deliver technology and services to Deloitte. This is to validate that vulnerabilities and findings are translated clearly into operational or business risks that are tracked through to acceptance or mitigation. Ensure all the way through that due consideration has been given to the firms risk appetite, regulatory and legal standards and policies as part of consistent and auditable processes • Perform assurance activities relating to specific cyber security capabilities/control domains in line with areas of subject expertise across firm systems and processes to report on maturity and effectiveness • Take a lead on co-ordinating Cyber Risk input into general enquiries and client questionnaires that the team receives, seeking out answers from the Cyber Risk and Information Security teams as needed, refining the process and creating and managing a knowledge repository • Engage with internal clients and stakeholders to drive understanding of the value of cyber risk assurance and consolidated risk positions and how these activities help enable the business • Workeffectively in diverse teams within an inclusive team culture where people are recognised for their contributionYour work, your choiceAt Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. Please speak to your recruiter about the working pattern that works best for you.Location:Your home office will be Cardiff, but with the option to work remotely from home too.Work pattern: This is a permanent full-time role. Our team members are able to work a variety of agile working patterns. Tell us what arrangement works for you and we’ll try to accommodate."Your professional experienceEssential• Information security experience within a relevant business sector • Ability to demonstrate a good understanding of a range of information technology systems and of any inherent security risks associated with these technologies • Ability to demonstrate understanding of information security principles, accreditations and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security) • Ability to effectively communicate business and technical risk to all potential audiences, strong stakeholder management skills, and to understand technology systems and applications from both a technical and business function perspective • Self-motivated and able to manage multiple concurrent deliverables, good communication skills and ability to provide a positive influence within a teamDesirable• One or more respected industry qualifications (e.g. CISSP, CISM, CISA, CRISC, SABSA) preferred but not essentialYour service line: Quality, Risk and Security The Quality, Risk and Security (QRS) community is an overarching identity for all of the professionals who manage quality and risk for Deloitte. It comprises: Deloitte Business Security (DBS), National Quality and Risk Management (NQRM), Quality & Risk Operations (QR Ops), and Service Line Quality and Risk Management teams (including Switzerland), and is led by a dedicated partner who sits on the firm’s Executive.For a full job description please visit our online Deloitte Careers portal.Requisition code: 180660