Cybersecurity Controls Compliance Lead Analyst

at  Deloitte

Cardiff, Wales, United Kingdom

Start Date: Immediate
Expiry Date: 18 Feb, 2025
Salary: Not Specified
Posted On: 18 Nov, 2024
Experience: N/A
Skills: Security Controls, Remediation, Testing, NIST, Risk, Connect, ServiceNow, Reporting, Dashboards, Business Units, Communication Skills, Technology, Continuous Improvement, Regulations, Collaboration, ISO, Metrics
Telecommute: No
Sponsor Visa: No

Description:

REQ #: 17281
Job description

CONNECT TO YOUR OPPORTUNITY

The Cybersecurity Controls Compliance Lead Analyst will focus on assessing, testing, and reporting Global and Deloitte Firm compliance with applicable Global Cybersecurity standards at the level of individual controls, and providing subject matter expertise to Global and Deloitte firms to support and enhance compliance efforts. Additionally:

  • Actively participate in the planning and development of the technology and cybersecurity controls assurance process and lifecycle.
  • Execute the design and implementation of an integrated controls library, enabling the mapping of controls to Deloitte’s internal policies and standards, and external authoritative sources such as ISO27001, ISO22301, NIST, and other frameworks.
  • Conduct deep dive assessments to verify the effectiveness of specific Deloitte Firm and Global Shared Services controls in agreement with other team members, and provide constructive recommendations, findings and observations where required.
  • Review and validate Deloitte firm action plans providing constructive recommendations and feedback to ensure that identified issues are remediated in a timely manner.
  • Track and monitor implementation of action plans to ensure remediation of identified compliance issues.
  • Support and execute assessment activities using the ServiceNow GRC platform.
  • Update the Integrated Controls Library (ICL) by liaising with other team members and relevant governance bodies as needed.
  • Monitor the effectiveness of the compliance assessment process in accordance with agreed metrics and performance measures to drive continuous improvements.
  • Assist with the management of compliance with external requirements such as laws, regulations, and contracts.
  • Develop and implement a compliance controls assurance process, assisting in the implementation of this process using the compliance tool (ServiceNow GRC).
  • Develop and implement reporting and metrics on compliance using the ServiceNow GRC tool and support the generation of specific compliance reports and dashboards.
  • Continually test and monitor the effectiveness of security controls.
  • Develop and maintain relationships with senior cybersecurity, technology, legal, and risk leaders within DTTL and across Deloitte firms.
  • Develop and maintain relationships with DTTL service teams to ensure collaboration and alignment, to understand strategic and tactical priorities, and deliver continuous improvement.
  • Work with other Governance, Risk, and Compliance groups and participate in technology and risk working groups as required.
  • Participate in the development and implementation of global strategies and provide programs and services that unite the Deloitte network.
  • Engage in activities that support and protect Deloitte around the world, operating in a truly global environment.
  • Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements.

CONNECT TO YOUR SKILLS AND PROFESSIONAL EXPERIENCE

Education:

  • Bachelor’s degree (or equivalent) in business administration, a technology-related field, or equivalent education-related experience.

Experience:

  • Proven experience in the Information Security/Cybersecurity domain with a focus on cybersecurity and compliance.
  • Experience developing compliance programs, including assessing and managing compliance against agreed standards at the level of individual security controls (administrative, technical/logical, physical) for multiple organizations or business units.
  • Experience interacting, presenting, and working with C-level executives (CEO, CIO, etc.).
  • Proven track record of organizing and carrying out several risk and compliance projects.
  • Experience with GRC (Governance, Risk, and Compliance) management tools such as ServiceNow, or similar GRC management tools.
  • Sound knowledge of information/cybersecurity risk management and governance.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST (including 800-53 and the Cybersecurity Framework).
  • Excellent written and verbal communication skills and the capability to communicate with cross-functional teams.
  • Strong interpersonal and collaborative skills.
  • Ability to communicate strategic information security topics, policies, standards, and risk-related concepts to both technical and non-technical audiences at various hierarchical levels.
  • Preferred certifications: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ISO 27001 Lead Auditor or other similar credentials, Certified Information Systems Security Professional (CISSP).


REQUIREMENT SUMMARY

Experience: Min N/A, Max 5.0 year(s)

Financial Services

IT Software - Network Administration / Security

Finance

Graduate

Business administration a technology-related field or equivalent education-related experience

Proficient

1

Cardiff, United Kingdom