Deloitte - Bengaluru, IN
posted 2 days ago
Full-time - Senior
Bengaluru, IN
Professional, Scientific, and Technical Services
About the position
Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration, and high performance. As the undisputed leader in professional services, Deloitte is where you'll find unrivaled opportunities to succeed and realize your full potential.
Responsibilities
- Manage governance, risk, confidentiality, compliance for the enterprise and provide support to CISO office on security & compliance assurance.
- Work with technology team to establish and improvise security frameworks, policies, procedures.
- Work with application team for SSDLC implementation.
- Review contracts with clients and vendors.
- Implementation, operation, and maintenance of the Information Security Management System based on standards like ISO/IEC 27000 series, ISO 22301, etc., as applicable.
- Develop, implement, and monitor enterprise information security program which would take account of developing, maintaining, and publishing up-to-date information security policies, procedures, and guidelines.
- Facilitating the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings.
- Ability to present and articulate how controls quantitatively impact risk and align information risk to business risk.
- Contract / Engagement Letter review from Cybersecurity controls perspective.
- Managing security incidents and events to protect corporate IT assets, regulated data, and the company's reputation.
- Overseeing the awareness training programs for all employees, contractors, and approved system users.
- Implementing processes related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations.
- Facilitating Internal & External Audits.
- Perform security reviews of critical business projects supporting Secure SDLC phases, compliance, and governance.
- Interface with application development team to drive secure initiatives, planning, and resolve issues and conflicts early and within development lifecycle.
- Facilitate secure engagement activities including security requirements, threat modelling, vulnerability analysis, and risk assessment.
Requirements
- Bachelor's Degree in Information Technology.
- 12+ years in Information Security/ Cyber Security.
- Certifications in security demonstrating deep practical knowledge such as CISSP, CISA, CISM, ISO 27001 LA, ISO 22301 LA, etc.
- Basic understanding of various technologies such as programming languages, and applications.
- Good time management and multitasking skills.
- Ability to build healthy working relations.
Nice-to-haves
- Secure software development lifecycle (SSDLC) experience.
- Information Risk Management including Technology Risk & Vendor IT Risk Assessment.
- Ability to identify and remediate issues early, analyse, and propose alternative solutions.
- Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among stakeholders.
- Passion for achieving results and continual self-improvement.
- Experience and knowledge of Public Cloud Provider (e.g., Azure, AWS, GCP) security controls and capabilities.
- Deep understanding and experience of multi-layer security controls ensuring confidentiality, integrity, and availability.
- Experience with Identity and Access Management security solutions and protocols (e.g., SAML, OpenID, and OAuth).
- Knowledge of with security tools (e.g., SAST/DAST, SCA, vulnerability scanning, penetration testing).
- Knowledge of current and emerging security threats and techniques for exploiting security weaknesses.
- Knowledge and understanding of OWASP Top 10, including assessment and remediation strategy.
- Understanding of National and International regulatory and compliance standards.
Benefits
- Broad range of benefits offered to employees.
- Opportunities for professional development and growth.
- Access to Deloitte University for formal development programs.
