When you join the Deloitte Advisory Third-Party Risk Management (TPRM) practice, you will see how we work with some of the largest organizations in the world, across a variety of industries, to assist them in the development and operation of TPRM programs. Our client list includes eminent organizations across industries, e.g. technology, mining, media, pharmaceuticals, oil and gas, public sector and charities.
Work you will do
- Perform ongoing third-party cyber risk assessments to help clients identify and evaluate complex business and technology risks related to their third parties.
- Comply with delivery SLAs and provide periodic status updates, including potential risks and delays to project delivery, to the project manager.
- Perform validation of sub-controls with third parties as per the validation process set by Deloitte and generate the final report in English.
- For the purposes of this job description, the scope of assessments is limited to English language only.
Deloitte Advisory's Cyber Risk Services team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. With deep experience across a broad range of industries, Deloitte Advisory's Cyber Risk Services professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to transform legacy programs into proactive Secure, Vigilant, Resilient™ cyber risk programs. By joining our team, you will be part of developing the future state of cyber risk solutions. Learn more about our Cyber Risk Services practice.
Qualifications and experience
Required:
- Overall 3+ years of relevant experience in information security
- Working knowledge and understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.)
- Demonstrate knowledge of key risk areas such as cyber risk, compliance risk and regulatory risk
- Demonstrate knowledge in one or more of the following cyber risk domains, including:
  - Security Governance and Management
  - Security Policies and Procedures
  - Application Security Controls
  - Access Controls
  - Network Security Operations
  - Security Architectures
  - Identity Management
  - Disaster Recovery & Business Continuity
  - Incident Response
  - Risk Management
  - Privacy and Data Protection
- Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
- Excellent verbal and written communication skills
- Excellent interpersonal skills
· CISSP/CISA (or equivalent)
· Experience with information security audit or assessments
· Good understanding of legal and regulatory requirements around information security and data privacy, such as OCC Bulletin 29, FFIEC, HIPAA Security/Privacy, etc.
· Prior consulting experience
· Experience with internal controls, risk assessments, business process, and internal IT control testing or operational auditing
Recruiting tips
From developing a standout resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture
Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.
Professional development
From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Learn more about our commitment to developing our people.
As used in this posting, "Deloitte Advisory" means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, where applicable. See notices of various ban-the-box laws where available.
Requisition code: 30042