Job Description

Job Title: RA - A&IC - ITSA - AM - TPRM

Job requisition ID :: 46740

Date: Aug 22, 2022

Location: Bengaluru

Designation: Assistant Manager

Entity:


Risk Advisory Risk Advisory - A & I C: IT & Specialized Assurance: AM What impact will you make?
Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration, and high performance. As the undisputed leader in professional services, Deloitte is where you’ll find unrivaled opportunities to succeed and realize your full potential Deloitte is where you’ll find unrivaled opportunities to succeed and realize your full potential.
Work you’ll do

• Validate scope of assessment: Collaborate with assessors and business teams to understand and validate assessment scope.
• Conduct interviews with key stakeholders: Conduct interviews with third parties, business teams.
• Technical Reviews: Review security controls that are technical in nature, such as access controls, data encryption in transit and at rest, and auditing and logging user activity. Review documentation, including questionnaire responses and supporting evidence for the risk assessment
• Security Documentation Review: Perform in-depth reviews of documentation provided by Third Party that describes the purpose, functionality, architecture, operational environment, and the information security standards and practices currently in place.
• Review Third-Party Audit Results: Review Third Party audit reports where applicable to determine if security controls have already been audited and reported on. Examples: SOC2, PCI, ISO, Pen Test, etc.
• Operational Process Review: Review security operations processes and observe how these have been implemented and managed within the in-scope system(s).
• Identification of gaps/findings against security requirements, determine level of risks and develop actionable recommendations. Create assessment report and review with assessors.
• Manage the stakeholders to perform the Third-Party Security Assessment
• Follow up on the ongoing and new issues noted during the assessment through closure.
• Run campaigns to re-assess third parties
• Run campaigns to close open findings
• Write knowledge or help articles, FAQ’s, run books pertaining to the Third-Party Security process
• Manage on-call duties for the days personnel is on call Raise queries or follow-ups with third party contacts, if required
• Prepare finalized draft assessment reports
• Update repository of record
• Findings follow-up for status update and verify evidence provided to ensure intent of finding is closed

Provide timely reporting - project and executive level as required Qualifications

• 2 – 7 years of hands-on experience in the multiple areas of IT audits, Third-Party Security Assessment, SSAE / SOC- 1 and 2, Third Party Risk Management, Vendor Risk Management, IT Risk consulting or any other regulatory / compliance audits.

• Experience in delivering result-oriented solutions to Client Senior Management.

• Risk assessment and other risk management consulting experience.

• Experience with regulatory and compliance audits.

• Experience with creating Information Security Framework and its related policies and procedures

• Strong knowledge of ERP’s like SAP / OFIN / JDE / etc. and their native application controls.

• Knowledge of IT Security aspects towards key areas like Cloud Computing, Cyber Risks, Network Security, database management systems, SDLC, IT general controls (ITGC), COBIT, COSO 2013.

• Excellent written and oral communication skills e.g. presentation to top management and report writing

• Proficiency with Microsoft Office applications

• Experience in leading multiple client engagements simultaneously

• Experience in managing professional service engagement teams

• Willing to travel extensively, if needed and demonstrate commitment to excel in client service and team development

Educational Qualification:

• Chartered Accountant and/or MBA with Finance/IT (pref)

• Certifications of CISA, CISSP, CISM preferred (pref)

Your role as a leader
At Deloitte India, we believe in the importance of leadership at all levels. We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society and make an impact that matters.
In addition to living our purpose, employees at this level, across our organization:

• Builds own understanding of our purpose and values; explores opportunities for impact
  • Demonstrates strong commitment to personal learning and development; acts as a brand ambassador to help attract top talent
  • Understands expectations and demonstrates personal accountability for keeping performance on track
  • Actively focuses on developing effective communication and relationship-building skills
  • Understands how their daily work contributes to the priorities of the team and the business
  
  

How you’ll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fastchanging business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.
Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our purpose
Deloitte is led by a purpose: To make an impact that matters.
Every day, Deloitte people are making a real impact in the places they live and work. We pride ourselves on doing not only what is good for clients, but also what is good for our people and the communities in which we live and work—always striving to be an organization that is held up as a role model of quality, integrity, and positive change. Learn more about Deloitte's impact on the world
Recruiter tips We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.