T&T | Cyber CST | Associate Director | CISSP | GRC | Gurgaon

Location - Gurgaon

The Team

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure vigilant and resilientnot only by looking at how to prevent and respond to attacks but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.Learn more aboutCybersecurity

Your work profile

Develop implement and maintain risk and governance frameworks.

Guide teams/Handle client information security posture identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk.

Recommend security solutions and enhancements aligned with business goals and threat landscape.

Conduct security risk assessments of third-party vendors and service providers.

Define TPRM frameworks and integrate them into the overall risk management program.

Perform cybersecurity maturity assessments using established frameworks such as NIST CSF NISTISO 27001

Frontend teams for ISO 27001 based Information Security Management System implementation and sustenance-based projects.

Lead risk identification evaluation mitigation and monitoring activities.

Deliver actionable insights and improvement roadmaps based on assessment results.

Understand and evaluate application security architectures including secure SDLC practices threat modelling and secure coding standards.

Plan execute and report on comprehensive IT and OT security audits.

Lead teams or work as team member to conduct Information Systems audits covering IT infrastructure assets.

Manages security and cyber strategy projects guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion.

Responsible to assist client in review / implement Information Security controls in areas as mentioned but not limited to: Change management process Incident management process Backup process User identity and access management Antivirus management SLA performance and monitoring Media handling & Exchange of information Physical and environmental Security and Media & Information Handling.

Conduct and support PCI DSS assessments and gap analysis.

Provide guidance for remediation efforts to ensure ongoing compliance.

Demonstrates understanding of complex business and information technology management processes.

Ensure compliance with cybersecurity guidelines and regulations issued by RBI SEBI IRDA BCAS NCIIPC and other relevant bodies.

Track evolving regulatory requirements and integrate changes into the cybersecurity program.

Understanding of cloud service models and security controls across major platforms (AWS Google Cloud Azure).

Plan and execute ITGC control testing covering areas such as access management change management and operations controls. Identify control gaps and support remediation efforts.

Interacts with clients managers and partners to build and nurture strong relationships.

Tailors firm tools and methodologies as per client requirements.

Key Skills Required

B. E/ B-Tech (Tier 1/2) or masters degree in information security Computer Science or a related field

Professional certifications such as CISSP CISA CISM CRISC ISO 27001 LA/LI ISO 31000 LA/LI ISO 22301 LA/LI CISA ITIL or PCI QSA are preferred.

10 years of relevant experience in cybersecurity consulting risk management and compliance.

In-depth knowledge of security frameworks and standards (e.g. NIST ISO 27001 COBIT).

Strong analytical communication and stakeholder management skills