Manager, Confidentiality and Data Risk, QRS, Enabling Functions

at  Deloitte

REQ #

16240
Job description

CONNECT TO YOUR INDUSTRY

We are looking for a Manager to join our Confidentiality and Data Risk team within Deloitte Business Security (DBS). The team provides Information Security support to the business by enabling the identification and management of confidentiality, security and data risks throughout Deloitte’s client facing work and internal technologies. Our team enables the business and solution owners to understand and meet client and regulatory information security obligations, reducing potential risk to the firm.
As part of Deloitte’s Quality, Risk and Security (QRS) community Deloitte Business Security (DBS) is the firm’s internal corporate security organisation, providing support to Deloitte and its clients to enable secure business and manage data risk.
QRS is an overarching identity for all the professionals who manage quality and risk for Deloitte. It comprises: Deloitte Business Security (DBS), National Quality and Risk Management (NQRM), Quality & Risk Operations (QR Ops), and Service Line Quality and Risk Management teams (including Switzerland) and is led by a dedicated partner who sits on the firm’s Executive.
Within QRS, we use our skills and experience across a variety of disciplines to support a risk intelligent culture at Deloitte; enabling our partners and practitioners to deliver high quality services to their clients, minimising the administrative burden on our people, and acting as custodians of firm risk, security, ethics, and reputation.

CONNECT TO YOUR SKILLS AND PROFESSIONAL EXPERIENCE

Essential:

• Experience of and demonstrable interest in working in the areas of risk management and/or compliance
• Experience of understanding and the evaluation of information security requirements and corresponding general IT controls (technical, physical, and administrative)
• Ability to work under own initiative and effectively prioritise workloads under pressure, where appropriate escalating issues in a timely manner
• Track record of success in problem solving, team working and building effective relationships
• Understanding of project management processes, and the ability to manage key deliverables
• Excellent written and verbal communication skills and the ability to understand complex documents, with the ability to tailor outputs to meet the needs of the end user
• Excellent interpersonal skills and the ability to develop relationships and manage stakeholders at all levels of seniority, both internally and externally
• A desire for continued learning, with a willingness to develop skills in security, confidentiality, privacy, and risk management

Desirable:

• Experienced technology risk, information security risk or data risk professional with an understanding of IT risk/control or IT audit processes
• Experience of reviewing and negotiating security provisions in contracts
• Experience of working in/with technology teams, understanding data flow, storage and processing aspects of complex solutions
• Experience of managing people either directly as a people manager, or indirectly managing and reviewing workloads and quality
• Experience of managing or facilitating compliance and/or IT security assurance exercises
• Formal security qualification (CISM or equivalent)
• Working knowledge of relevant standards and certifications such as ISO27001, ISO22301, SOC2, ISAE3402 etc.

• Managing client security assurance requests end-to-end (from one off queries to security audits) and where appropriate, presenting our capabilities (or engaging relevant SMEs) back to our clients on matters of information security
• Reviewing client contracts (information security elements) against our cybersecurity standards and policies. Negotiating these contracts with internal and client stakeholders and raising issues of risk relating to these contracts to relevant internal teams
• Driving the quality and efficiency of security questionnaire responses delivered by colleagues in our Cardiff and overseas delivery centres
• Responding to complex queries from internal stakeholders relating to confidentiality and data risk; acting as a trusted point of contact for stakeholders across the business in matters relating to the security related aspects of the role
• Contributing to team objectives to identify operational efficiencies and to streamline processes using emerging technologies; working with colleagues locally and globally on projects to improve our ways of working
• Working with other managers in the Confidentiality and Data Risk team to ensure the effective training and utilisation of resources across multiple disciplines which share a common knowledge se