T&T | Cyber CST | Deputy Manager | NIST Implementation | Bangalore

Location - Bangalore

IT Control Testing Specialist

The Team

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure vigilant and resilientnot only by looking athow to prevent and respond to attacks but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at thestart of strategy development for more effective management of information and technology risks. Lear more aboutCybersecurity

Your work profile

This role sits at the intersection of control design implementation and assurance ensuring that IT controls are not only compliant but also operationally effective scalable and aligned to real-world risk scenarios.As an IT Control Testing Specialist you will own the lifecycle of IT controlsfrom interpreting regulatory expectations and translating them into implementable controls to designing robust testing strategies and driving remediation with engineering precision.

1. IT Controls Design & Implementation

• Translate regulatory and framework requirements (e.g. SOX ISO 27001 NIST) into practical implementable ITGCs and ITACs across systems and processes.
• Partner with engineering DevOps and infrastructure teams to embed controls within system architecture workflows and pipelines (e.g. access provisioning change approvals logging monitoring).
• Evaluate control design effectiveness by assessing control objectives risk coverage and alignment with business processes.
• Drive standardization and rationalization of control frameworks reducing redundancy while improving coverage.

2. Advanced IT Control Testing & Assurance

• Independently design and execute risk-based end-to-end testing strategies for ITGCs and ITACs including:
• Access Management (JML privileged access RBAC)
• Change Management (SDLC DevOps pipelines emergency changes)
• IT Operations (job monitoring backups incident management)
• Perform deep-dive control testing using both manual and automated techniques including data-driven testing sampling strategies and re-performance.
• Leverage tools and scripts (SQL Python or GRC platforms) to enhance testing efficiency and coverage.
• Assess control automation opportunities including feasibility ROI and implementation approach.

3. Technical Controls & Security Domain Expertise

• Apply hands-on understanding of technical security controls including:
• Identity & Access Management (IAM IGA tools SSO MFA)
• Encryption key management and certificate lifecycle
• Secure configuration baselines (OS DB Cloud)
• Logging monitoring and SIEM integrations
• Evaluate effectiveness of controls in cloud environments (AWS/Azure/GCP) and modern architectures (microservices APIs).
• Validate secure development practices and DevSecOps controls embedded in CI/CD pipelines.

4. Issue Analysis Remediation & Advisory

• Analyze control deficiencies to identify root causes (design vs. operating gaps) rather than symptoms.
• Provide actionable technically feasible remediation recommendations aligned with system constraints and business priorities.
• Work closely with stakeholders to implement and validate remediation including control re-design where necessary.
• Track and report on control maturity and risk posture improvements.

5. Stakeholder Collaboration & Leadership

• Act as a trusted advisor to IT Security and Business teams on control implementation and optimization.
• Lead walkthroughs control discussions and audit interactions with confidence and clarity.
• Mentor junior team members on testing methodologies control interpretation and technical depth.
• Contribute to building repeatable testing frameworks accelerators and best practices.

6. Continuous Improvement & Innovation

• Stay current with emerging threats regulatory updates and evolving control expectations.
• Drive adoption of automated control testing continuous controls monitoring (CCM) and data analytics.
• Contribute to innovation initiatives around control engineering and testing transformation.

Key Skills Required

• Bachelors degree in Information Technology Computer Science or a related field.
• Education - 6-8 years of experience in IT audit IT risk or cybersecurity with strong exposure to control implementation and testing.
• Demonstrated experience in:
• Designing and testing ITGCs and ITACs in complex environments
• Implementing or advising on technical controls within enterprise systems or cloud platforms
• Working with GRC tools (ServiceNow Archer Jira etc.)
• Hands-on experience with data analysis scripting or automation in control testing is strongly preferred.
• Understanding of control frameworks (SOX ISO 27001 NIST COBIT).
• Ability to bridge audit risk and engineering perspectives effectively.
• Strong analytical thinking with aproblem-solving and engineering mindset
• Ability to interpret risks and translate into control design and validation
• Excellent stakeholder management and communication skills
• High adaptability in dynamic fast-evolving control environments