Cyber Risk Assistant Manager, Deloitte Business Security, QRS, Cardiff
Your opportunity
This is a fantastic opportunity for a results driven individual to join Deloitte Business Security (DBS) - a cross-disciplinary team that supports a risk intelligent culture within Deloitte.
We encourage consideration of flexible ways of working, both formal and informal arrangements that allow for the best outcomes for our people and our clients. If this opportunity is of interest to you with some flexibility, please do discuss with us.
Your role
The role requires an in-depth understanding of information, technology and business security and risk. Successful candidates will be expected to demonstrate relevant experience working in a dynamic environment dealing with complex challenges, and communicating to all levels of the business. The role is within the Cyber Risk team.
Your work, your choice
- Understand the 2nd line Cyber Risk services and support awareness, consultancy and delivery of the services across the business.
- Build and maintain relationships, provide Cyber Risk subject matter expertise to the wider DBS & Quality & Risk community, identifying and proactively improving key relationships with stakeholders in that community
- Take a lead on providing Cyber Risk input into client questionnaires, seeking out answers amongst the Cyber Risk team where required and refining the process and knowledge repository
- Actively support assurance activities over first line information security reviews of new project engagements that deliver technology and services to Deloitte, either in real-time or retrospectively as part of scheduled assurance sampling, to validate that vulnerabilities and findings have been translated clearly into operational or business risks that are tracked through to acceptance or mitigation. Regularly engage with the first line team to understand the technology projects that they are reviewing and keep the second line Cyber Risk team informed of these and upcoming technology changes to facilitate assurance planning. Ensure all the way through that due consideration has been given to the firm's risk appetite, regulatory and legal standards and policies as part of consistent and auditable processes.
- Sampled reviews of security incidents to validate that they have been correctly handled according to risk they bring to the firm
- Lead assurance activities relating to specific cyber security capabilities/control domains in line with areas of subject expertise across firm systems and processes to report on maturity and effectiveness
- Engage with internal clients and stakeholders to drive understanding of the value of cyber risk assurance and consolidated risk positions and how these activities help enable the business
- Work effectively in diverse teams within an inclusive team culture where people are recognised for their contribution
At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. Please speak to your recruiter about the working pattern that works best for you.
Cardiff, with occasional travel to London
This is a permanent opportunity.
The role can be worked on a full-time basis.
Our team members work a variety of agile working patterns. Tell us what arrangement works for you and we'll try to accommodate.
Your professional experience
Your service line: Quality, Risk and Security
- Minimum 3 years' Information Security experience within a relevant business sector
- Ability to demonstrate a good understanding of a range of Information Technology systems and of any inherent security risks associated with these technologies
- Ability to demonstrate understanding of information security principles, accreditations and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security)
- Ability to understand technology systems and applications from both a technical and business function perspective
- One or more respected industry qualifications (CISSP/CISM/CISA/CRISC/SABSA) (preferred but not essential)
- Educated to degree level (2.1 or higher preferred but not essential).
- Ability to effectively communicate business and technical risk to all potential audiences, strong stakeholder management skills
- Self-motivated and able to manage multiple concurrent deliverables, good communication skills and ability to provide a positive influence within a team
The Quality, Risk and Security (QRS) community is an overarching identity for all of the professionals who manage quality and risk for Deloitte. It comprises: Deloitte Business Security (DBS), National Quality and Risk Management (NQRM), Quality & Risk Operations (QR Ops), and Service Line Quality and Risk Management teams (including Switzerland), and is led by a dedicated partner who sits on the firm's Executive. Within QRS, we use our skills and experience across a variety of disciplines to support a risk intelligent culture at Deloitte; enabling our partners and practitioners to deliver high quality services to their clients, minimising the administrative burden on our people, and acting as custodians of firm risk, security, ethics and reputation.
Personal independence
Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.
About Deloitte
Our Purpose & Strategy
To make an impact that matters for our clients, our people and society - defines who we are and what we stand for. Our purpose provides the foundation for our strategy and our aspiration to be the undisputed leader in professional services: this is not about size, it's about being the first choice. The first choice for the largest and most influential clients, and the first choice for the best talent.
What do we do?
Deloitte offers global integrated professional services that include Audit & Assurance, Consulting, Financial Advisory, Legal, Risk Advisory and Tax Consulting. Our approach combines intellectual leadership, industrial expertise, insight, consulting & problem solving capabilities whatever the role, technology revolutions and innovation from multiple disciplines to help our clients excel anywhere in the world.
Beyond the UK: Deloitte North and South Europe
The UK is part of Deloitte North and South Europe (NSE), the second largest member firm in the Deloitte network. Deloitte NSE combines operations in Belgium, Greece, Ireland, Italy, Malta, the Netherlands, the Nordics (Denmark, Finland, Iceland, Norway and Sweden), Switzerland and the UK. Deloitte NSE brings together 2,500 partners and over 40,000 people, combining our unmatched breadth and depth of capabilities in audit and assurance, consulting, financial advisory, risk advisory, and tax and legal across the region. Being part of Deloitte NSE supports our aspiration to be the undisputed leader in professional services and will create more opportunity and growth for our people.
What do we value?
At Deloitte we foster a collaborative culture where talented individuals can produce their best work. We value innovative thinking, diverse insights and a genuinely distinctive level of customer service. We value difference, with respect at the heart of our inclusive culture, and we support agile working arrangements. Hear from some of our people already working at Deloitte in agile ways. We are proud to have earnt a Top 10 place on the 2018 list of Top 30 Employers for Working Families for the eighth consecutive year, and to have been listed in The Times Top 50 Employers for Women for each of the last four years.
Being a Leader at Deloitte
Cultural fit and purpose-led leadership is crucial for Deloitte. Our leaders always set the example and inspire their colleagues. They make quality time for people and take an interest in them. They know what matters to people - both inside and outside work - and value them as individuals; always finding opportunities to develop them while showing respect and appreciation.
We expect colleagues at all levels to embrace and live our purpose and our leadership culture by challenging themselves to identify issues that are most important for our clients, our people, and for society and make an impact that matters. We know leadership comes in all shapes and sizes, but our Leadership Charter helps all of our people understand what we're looking for:
- We live our purpose: we act as a role model, embracing and living our purpose and values, and recognising others for the impact they make
- We develop talent: we develop high-performing people and teams through challenging and meaningful opportunities
- We drive performance: we deliver exceptional client service; maximise results and drive high performance from people while fostering collaboration across businesses and borders
- We believe positive influence can make an impact that matters: we influence clients, teams, and individuals positively, leading by example and establishing confident relationships with increasingly senior people
- We move, together, towards a strategic direction: we understand key objectives for clients and Deloitte, aligning people to objectives and setting priorities and direction.
Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 1 New Street Square, London EC4A 3HQ, United Kingdom.
Deloitte LLP is the United Kingdom affiliate of Deloitte NSE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"). DTTL and each of its member firms are legally separate and independent entities. DTTL and Deloitte NSE LLP do not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.
© 2019 Deloitte LLP. All rights reserved.
Requisition code: 174602