Join Deloitte’s CISO organization, Technology Controls Advisory, where you will help embed cybersecurity assurance into new services, system changes, and business operations. This role supports globally mandated security lifecycle requirements, security control validation, and risk-informed decision-making across projects and business-as-usual activities. You will work closely with business, project, and technical teams to strengthen control design, track remediation, and improve security outcomes in a fast-paced enterprise environment.
Work you'll do
As an Assistant Manager, Technology Controls Advisory on the CISO team, you will be responsible for:
Partner with business lines and project teams to embed Secure Service Development Lifecycle requirements into new services, systems, and material change initiatives
Define, document, and validate security non-functional requirements, including access control, logging, encryption, resiliency, and vulnerability management requirements before business-as-usual handover
Coordinate cybersecurity assurance activities across code reviews, application security testing, infrastructure vulnerability scanning, and remediation tracking
Provide security assurance input for incident response, change execution, and change advisory board reviews, including risk assessment, control impact analysis, and compensating control recommendations
Assess the design and operating effectiveness of information security controls and information technology general controls, document findings, and track management actions to closure
The team
At Deloitte, we’re all about collaboration. And nowhere is this more apparent than among our 2,000-strong internal services team. With our combined specialist skills, we provide all the essential support and advice our client-facing colleagues need, right across the firm. This enables them to focus all their efforts on delivering the best service possible to their clients. Covering seven distinct areas; Human Resources, Clients & Industries, Finance & Legal, Practice Support Services, Quality & Risk Services, IT Services, and Workplace Services & Real Estate, together we live, breathe and deliver the Deloitte experience.
CISO team is a world class operation with extensive knowledge and experience where you interface with business and technical teams and bring about change and influence across the whole world of Deloitte. As a CyberSecurity Specialist (Assurance) you will support Business Lines/Project teams through the Globally mandated Secure Service Development Lifecycle (SSDLC) when introducing new services and systems, or changes to existing services and systems, whilst also providing relevant information security control requirements.
Location: Hyderabad
Shift Timings: 02:00 PM to 11:00 PM
Qualifications
Required:
Full-time bachelor’s degree in Computer Science, Information Security, or an engineering discipline
Up to 6 years of experience in cyber security, information technology risk, technology audit, or security controls and compliance
Experience applying Secure Service Development Lifecycle requirements across new implementations and change initiatives
Experience conducting information security risk assessments, risk assurance activities, and audit-ready documentation
Experience with ISO/IEC 27001, ISO/IEC 27002, General Data Protection Regulation, Cyber Essentials, or equivalent control frameworks
Experience managing penetration testing, vulnerability remediation, retesting, and closure tracking
Knowledge of cloud security governance, OWASP Top 10, and security principles supporting confidentiality, integrity, and availability
Preferred:
Cloud certification such as AZ-900, AWS Certified Cloud Practitioner, AWS Solutions Architect Associate, or Google Associate Cloud Engineer
ISO 27001, ISO 31000, or equivalent certification
CISA, CISM, AZ-500, CCSP, or equivalent certification
Experience using ServiceNow, RSA Archer, Snyk, Fortify, or Qualys
Experience supporting change advisory board reviews or change risk assessments
Experience documenting security non-functional requirements for enterprise technology services
