Cyber Risk Assistant Manager, Deloitte Business Security, QRS

Deloitte,
Cardiff, South Glamorgan
Job Type: Full-time

Overview

Your opportunity

This is a fantastic opportunity for a results-driven individual to join Deloitte Business Security (DBS) - a cross-disciplinary team that supports a risk intelligent culture within Deloitte. We encourage consideration of flexible ways of working, both formal and informal arrangements that allow for the best outcomes for our people and our clients. If this opportunity is of interest to you with some flexibility, please do discuss with us.

Your role

The role requires an in-depth understanding of information, technology and business security and risk. Successful candidates will be expected to demonstrate relevant experience working in a dynamic environment dealing with complex challenges, and communicating to all levels of the business. The role is within the Cyber Risk team.

- Understand the 2nd line Cyber Risk services and support awareness, consultancy and delivery of the services across the business.
- Build and maintain relationships, provide Cyber Risk subject matter expertise to the wider DBS & Quality & Risk community, identifying and proactively improving key relationships with stakeholders in that community.
- Take a lead on providing Cyber Risk input into client questionnaires, seeking out answers amongst the Cyber Risk team where required and refining the process and knowledge repository.
- Actively support assurance activities over first line information security reviews of new project engagements that deliver technology and services to Deloitte, either in real-time or retrospectively as part of scheduled assurance sampling, to validate that vulnerabilities and findings have been translated clearly into operational or business risks that are tracked through to acceptance or mitigation.
- Regularly engage with the first line team to understand the technology projects that they are reviewing and keep the second line Cyber Risk team informed of these and upcoming technology changes to facilitate assurance planning.
- Ensure all the way through that due consideration has been given to the firm's risk appetite, regulatory and legal standards and policies as part of consistent and auditable processes.
- Sampled reviews of security incidents to validate that they have been correctly handled according to the risk they bring to the firm.
- Lead assurance activities relating to specific cyber security capabilities/control domains in line with areas of subject expertise across firm systems and processes to report on maturity and effectiveness.
- Engage with internal clients and stakeholders to drive understanding of the value of cyber risk assurance and consolidated risk positions and how these activities help enable the business.
- Work effectively in diverse teams within an inclusive team culture where people are recognised for their contribution.

Your work, your choice

At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. Please speak to your recruiter about the working pattern that works best for you.

Location: Cardiff, with occasional travel to London

Work pattern: This is a permanent opportunity. The role can be worked on a full-time basis. Our team members work a variety of agile working patterns. Tell us what arrangement works for you and we’ll try to accommodate.
Your professional experience

- Minimum 3 years’ Information Security experience within a relevant business sector
- Ability to demonstrate a good understanding of a range of Information Technology systems and of any inherent security risks associated with these technologies
- Ability to demonstrate understanding of information security principles, accreditations and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security)
- Ability to understand technology systems and applications from both a technical and business function perspective
- One or more respected industry qualifications (CISSP/CISM/CISA/CRISC/SABSA) (preferred but not essential)
- Educated to degree level (2.1 or higher preferred but not essential)
- Ability to effectively communicate business and technical risk to all potential audiences, strong stakeholder management skills
- Self-motivated and able to manage multiple concurrent deliverables, good communication skills and ability to provide a positive influence within a team

Your service line: Quality, Risk and Security

The Quality, Risk and Security (QRS) community is an overarching identity for all of the professionals who manage quality and risk for Deloitte. It comprises: Deloitte Business Security (DBS), National Quality and Risk Management (NQRM), Quality & Risk Operations (QR Ops), and Service Line Quality and Risk Management teams (including Switzerland), and is led by a dedicated partner who sits on the firm’s Executive. Within QRS, we use our skills and experience across a variety of disciplines to support a risk intelligent culture at Deloitte; enabling our partners and practitioners to deliver high quality services to their clients, minimising the administrative burden on our people, and acting as custodians of firm risk, security, ethics and reputation.

Personal independence

Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.

For a full job description please visit our online Deloitte Careers portal.

Requisition code: 174602