ERS Manager for Cyber Risk

Deloitte drives progress. Our firms around the world help clients become leaders wherever they choose to compete. Deloitte invests in outstanding people of diverse talents and backgrounds and empowers them to achieve more than they could elsewhere. Our work combines advice with action and integrity. We believe that when our clients and society are stronger, so are we.

ERS Manager in Technology Risk, Cyber Risk Services to play lead role in engagement planning, execution, quality control, engagement economics, and billing and participate in proposal development efforts. Demonstrate a general knowledge of market trends and competitor activities and assist in retention of professionals. Identify and evaluate complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement. Assist in the selection and tailoring of approaches, methods, and tools to support service offerings or industry projects. Use technology-based tools or methodologies to review, design, and/or implement products and services. Construct and assess high-level and detailed risk management programs translating business needs and regulatory requirements into cost effective and risk appropriate controls. Identify opportunities to improve engagement profitability. Understand clients’ business environment and basic risk management approaches. Develop risk management and information security strategies and plans based upon generally accepted security standards. Utilize knowledge of business processes, internal control risk management, IT controls, business and information technology management processes, and market trends on client engagements. Build and nurture strong client relationships.

* Bachelor's (or higher) degree in Business Administration, Information Technology, Computer Science, Computer Engineering, Information Systems or related field (willing to accept foreign education equivalent). * Five years of Information Technology experience. * Experience must include two years of: * Performing business impact analysis (BIA) and threat assessment protocol (TAP) to setup a business continuity management (BCP) program; * Performing Payment Card Industry Data Security Standards (PCI DSS) readiness assessment; * Performing vendor and asset risk management and information security management program maturity assessments using National Institute of Standards and Technology (NIST) Capability Maturity Model (CMM); * Designing, developing and implementing vendor risk management solutions and business continuity management solutions that enable control testing based on regulatory requirements and industry best practices using RSA Archer for banking sector; * Performing onsite vendor risk assessments based on regulatory requirements and industry best practices including International Organization for Standardization (ISO) and Payment Card Industry Data Security Standards (PCI DSS); * Performing gap assessment, and creating remediation plan & roadmap as part of data privacy program assessment; * Defining data classification standard & policy, performing data flow analysis, and building a go-forward data classification rollout plan for multi-billion dollar organizations; and * Mapping the flow of personal information and performing personal information inventory across business processes based on safeguards prescribed by Gramm–Leach–Bliley (GLBA) Act for banking organizations. * Must have one of the following certifications: CISSP, CISA, or CIPP. * Position requires approximately 80% travel.